DEV Community

Discussion on: JSON web tokens are NOT meant for authenticating the same user repeatedly: Use session tokens instead

Rihan

Including a version is something I've never thought of and will change my life, thanks!

blackr1234

You don't have to add a version number as one of the JWT claims. You can simply check if the issued-at value is before the updated-at value of your user record. If it is, that means the user record has been updated after the token was issued, so the user should log in again to get a new token.
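The issued-at check described in the comment above, as an added example that is not part of the original thread. The `issue` and `verify` helpers, the in-memory `users` store with `updated_at` as epoch seconds, and the key are assumptions made for illustration; expiry and other claim checks are left out to keep the focus on `iat`.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value for this example only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, now: int) -> str:
    """Mint an HS256 token whose iat is `now`, in whole seconds."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "iat": now}).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{_b64(_sign(signing_input))}"

def verify(token: str, users: dict) -> str:
    """Return the subject if the token is authentic and not older than the user record."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _unb64(sig)):
            raise ValueError("bad signature")
        if json.loads(_unb64(head))["alg"] != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(_unb64(body))
        sub, iat = claims["sub"], claims["iat"]
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        raise ValueError("iat is not a numeric timestamp")
    user = users.get(sub) if isinstance(sub, str) else None
    if user is None:
        raise ValueError("unknown user")
    # iat has one-second resolution while updated_at may be fractional. Floor
    # updated_at so the token minted by the re-login in that same second passes.
    if iat < int(user["updated_at"]):
        raise ValueError("token predates last account update; log in again")
    return sub

if __name__ == "__main__":
    users = {"alice": {"updated_at": 1700000500.25}}  # constructed record
    print(verify(issue("alice", 1700000600), users))  # issued after the update
    try:
        verify(issue("alice", 1700000000), users)     # issued before the update
    except ValueError as exc:
        print("rejected:", exc)
```

Flooring `updated_at` also accepts a token issued earlier in the same second as the update, which is the price of comparing at `iat`'s resolution. If every write to the user record bumps `updated_at`, any profile edit forces a new login, so a timestamp that changes only on credential or permission changes keeps the check narrower.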