DEV Community

Discussion on: How to invalidate a JWT using a blacklist

Jyotirmaya Sahu • Edited

But then we need to scan the Redis store at some intervals to ensure removal of expired tokens.

Tosin Moronfolu

You could if you want to, but it would be redundant, as the expiry date works automatically to ensure it is removed at the set date. Since the expiry date is the same as the one on the token itself, I don't think there is a need to check at intervals anymore.

Jyotirmaya Sahu

Yes, correct. But my point is that the expired tokens would pile up, eventually consuming a significant part of the store's memory at some point in time.

Tosin Moronfolu

True, thank you for the feedback.

Phil Ashby

Maybe choose a shared/distributed store that supports automated expiry of records (e.g. MongoDB, ZooKeeper, etc.), or can execute scheduled jobs (yes, SQL Server could be the right answer :))

Tosin Moronfolu

Thank you for this, I appreciate it!
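
Added example (not code from the article or from any commenter): a sketch of the behaviour discussed in this thread, where each blacklist entry expires at the token's own `exp`, so entries are dropped without a periodic scan and the store only ever holds tokens that are still otherwise valid. `TokenDenylist` is a hypothetical in-memory stand-in for a store with per-key expiry (such as Redis `SET` with `EX`); the `jti` values and timestamps are constructed.

```python
import heapq
import time


class TokenDenylist:
    """Hypothetical in-memory stand-in for a store with per-key expiry."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested
        self._expires = {}    # jti -> token "exp" claim (Unix seconds)
        self._heap = []       # (exp, jti) pairs, earliest expiry first

    def revoke(self, jti, exp):
        """Denylist a token id until the token's own exp; return the TTL used."""
        ttl = exp - self._clock()
        if ttl <= 0:
            return 0          # already expired: exp validation rejects it anyway
        self._expires[jti] = exp
        heapq.heappush(self._heap, (exp, jti))
        return ttl

    def _evict_expired(self):
        # Drop every entry whose token has expired; no full scan is needed
        # because the heap keeps the earliest expiry at the front.
        now = self._clock()
        while self._heap and self._heap[0][0] <= now:
            exp, jti = heapq.heappop(self._heap)
            if self._expires.get(jti) == exp:
                del self._expires[jti]

    def is_revoked(self, jti):
        self._evict_expired()
        return jti in self._expires

    def __len__(self):
        self._evict_expired()
        return len(self._expires)


def demo():
    now = [1_700_000_000]                    # constructed clock value
    denylist = TokenDenylist(clock=lambda: now[0])
    denylist.revoke("jti-a", now[0] + 900)   # 15-minute token
    denylist.revoke("jti-b", now[0] + 3600)  # 1-hour token
    denylist.revoke("jti-old", now[0] - 5)   # expired before logout
    sizes = [len(denylist)]
    now[0] += 901                            # jti-a has expired
    sizes.append(len(denylist))
    now[0] += 3600                           # jti-b has expired
    sizes.append(len(denylist))
    return sizes
```

The denylist size is bounded by the number of revoked tokens that have not yet reached their `exp`, which is why shorter token lifetimes also keep the store smaller.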