It is quite possible to revoke a JWT. Just as a Driver's License can be revoked before it's expiration the same thing can be done to a JSON Web Token. Store a unique identifier in the JWT and provide a revocation list when checking the signature of the JWT. This provides all of the benefits of a Session ID, without having to store all of the Session Information in the database.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
It is quite possible to revoke a JWT. Just as a Driver's License can be revoked before it's expiration the same thing can be done to a JSON Web Token. Store a unique identifier in the JWT and provide a revocation list when checking the signature of the JWT. This provides all of the benefits of a Session ID, without having to store all of the Session Information in the database.