I'm studying about how to authenticate user in web application. Apparently, one of advantages of using token is it doesn't need to be stored in server(stateless), however given security or invalidation, shouldn't refresh token be stored somewhere like Redis to determine it is invalid token(ex : user logged out) or not ?
Thanks in advance.
Aucun commentaire:
Enregistrer un commentaire