Implement Logout RouteSee original GitHub issue
Is your feature request related to a problem? Please describe. Implement a working logout route
Describe the solution you’d like
On going to the logout route, the JWT token should be destroyed and the user would not be able to access protected routes.
The route should be: ‘/users/logout’. You could make a new file named
logout.js in the
users folder and implement logout route there
- Created 3 years ago
- Comments:7 (2 by maintainers)
Top GitHub Comments
Hello. I would like to take up this issue.
My proposed solution is to use a “blocklist” approach.
I plan to use the
expiresIn property of the token during the creation. And will have a blocklist maintained in the cache with TTL equal to
expiresIn. This will mean after a user logs out, the JWT will be blocked and cannot be used to access any route.
This is dependent on #19 (I will use 15 minutes for TTL as specified in the issue).