JWT Token Update (Sliding Sessions) and Shutdown

I am very new to JWT and I ended up inheriting code using JWT. Now there are some very fundamental problems that I have encountered, and I cannot find the answers. This question is not code based, so please bear with me.

Say my JWT token is valid for 4 hours. Here are my requirements / limitations:

  • If the user works after 3 hours 59 minutes, their session should be extended by 2 hours and they do not need to re-enter credentials.

  • Client-side JavaScript should not cache user credentials in any way.

  • It is good to update the JWT token with a new one ... but you should not do this with every request you make on the server. Therefore, the client must be smart in order to renew the JWT token when the time is right. You should not try to issue a new token with every request that you make in the application, because we will end up in the scenario in which we have 1000 active tokens generated during the session, and all of them are active. This makes the discharge requirement even more difficult.

  • As soon as the user presses the shutdown button, the JWT token should no longer be used, despite the fact that its service life remains valid.

  • If a message is displayed, all tokens that have been issued (as part of a session extension) must be invalidated, not just the last one.

JWT, , , JWT. . JWT.

+3
1

JWT

JWT . JWT, . , exp , . , JWT , .

, , JWT, , :

  • ,

JWT jti. jti exp. > exp, .

. JWT

+5
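One way to meet the requirements listed in the question, as an added example that is not part of the original thread: every token issued during one login carries the same session id, renewal happens only near expiry, and logout revokes the session id rather than a single token. The `sid` claim name, the 5-minute renewal window, the in-memory `revoked_sessions` store and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

KEY = secrets.token_bytes(32)   # constructed demo signing key
LIFETIME = 4 * 3600             # initial lifetime from the question
EXTENSION = 2 * 3600            # extension granted on renewal
RENEW_WINDOW = 5 * 60           # assumption: renew only in the last 5 minutes
revoked_sessions = {}           # hypothetical store: sid -> time the entry may be pruned

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(data):
    return _b64(hmac.new(KEY, data.encode(), hashlib.sha256).digest())

def issue(sub, now, sid=None, ttl=LIFETIME):
    """Mint an HS256 token; every token of one login shares the same sid."""
    claims = {"sub": sub, "sid": sid or secrets.token_hex(16), "iat": now, "exp": now + ttl}
    data = _b64(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64(json.dumps(claims).encode())
    return data + "." + _sign(data)

def verify(token, now):
    """Return the claims, or None if forged, expired, or the session was logged out."""
    try:
        data, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig, _sign(data)):  # always HMAC; header alg is never trusted
            return None
        claims = json.loads(_unb64(data.split(".")[1]))
    except (ValueError, IndexError, TypeError):
        return None
    if now >= claims["exp"] or claims["sid"] in revoked_sessions:
        return None
    return claims

def renew(token, now):
    """Issue a replacement only near expiry; otherwise hand back the same token."""
    claims = verify(token, now)
    if claims is None:
        return None
    if claims["exp"] - now > RENEW_WINDOW:
        return token
    return issue(claims["sub"], now, sid=claims["sid"], ttl=claims["exp"] - now + EXTENSION)

def logout(token, now):
    """Revoke the whole session: every token sharing this sid stops verifying."""
    claims = verify(token, now)
    if claims:  # keep the entry until a renewed sibling token could have expired
        revoked_sessions[claims["sid"]] = claims["exp"] + EXTENSION
```

Because the server stores one entry per logged-out session instead of one per token, the number of tokens issued during the session no longer matters for logout. `logout` expects the client's current, still-valid token.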
