DEV Community

Discussion on: What is really the difference between Cookie, Session and Tokens that nobody is talking about ?.

codingsafari profile image
Nico Braun • Edited on

usually its more than a few minutes and usually yes you certianly revoke the token as soon as the user clicks logout. You are not going to let the token be valid. And thats just the scenario where probably nothing bad will happen. Sometimes you may know that a token is comprimised and you need to revoke. Even few minutes then can cause damage.

Thread Thread
andreidascalu profile image
Andrei Dascalu

well, like I said, it's up to how you design your application and what concerns you have there. Suffice to say it can be nice to have, but it's not a universal requirement, not by a longshot.

Thread Thread
dev_emmy profile image
nshimiye_emmy Author

yeah, it all depends on how you want to design your application