When you want to change a user's data, should you delete the JWT and create a new one for the session?

I am implementing an update of the user's data in React and Node.

  1. After making the change in the DB, should you delete that token and generate a new one?
  2. Updating values in Redux?


Solution 1:[1]

We generally do not store more than 5 fields of data in a JWT token. So, for example, you store these fields in the token:

username
role

Until you modify these fields in the database, the token is valid.

But, in case you've modified these fields:

  1. You need to communicate the newly generated token to your React application. This ensures that the user stays logged in.

  2. Or, just redirect the user to the login page as an easy fix.

Moreover, you should not keep tokens longer than required, i.e., set an expiration date on the token.
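The reissue-on-change flow described in the answer above, as an added Node example that is not part of the original answer. It assumes HS256 tokens built with Node's built-in `crypto`, a constructed in-memory `Map` in place of the database, and hypothetical names (`issueToken`, `verifyToken`, `updateUser`, `SELF_EDITABLE`); the allow-list that keeps a user from editing their own `role` is also an assumption.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret';    // assumption: load from a secret store in practice
const TTL_SECONDS = 15 * 60;                 // short expiry, as the answer recommends
const CLAIM_FIELDS = ['username', 'role'];   // the fields the answer stores in the token
const SELF_EDITABLE = ['username', 'email']; // assumption: role changes go through an admin path

const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (input) => crypto.createHmac('sha256', SECRET).update(input).digest('base64url');

function issueToken(user, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { username: user.username, role: user.role, iat: now, exp: now + TTL_SECONDS };
  const body = b64url(JSON.stringify(claims));
  return `${header}.${body}.${mac(`${header}.${body}`)}`;
}

function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = Buffer.from(mac(`${header}.${body}`));
  const given = Buffer.from(sig);
  // Constant-time comparison of the signature before trusting any claim.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  return claims.exp > now ? claims : null;   // reject expired tokens
}

// Hypothetical update handler; `db` is a Map keyed by username.
function updateUser(db, token, changes, now) {
  const claims = verifyToken(token, now);
  const user = claims && db.get(claims.username);
  if (!user) return { status: 401 };         // invalid, expired or orphaned token: back to login
  const updated = { ...user };
  for (const f of SELF_EDITABLE) if (f in changes) updated[f] = changes[f];
  if (updated.username !== user.username && db.has(updated.username)) return { status: 409 };
  db.delete(user.username);
  db.set(updated.username, updated);
  // Reissue only when a field carried in the token changed; otherwise the old token stays valid.
  const stale = CLAIM_FIELDS.some((f) => updated[f] !== claims[f]);
  return { status: 200, token: stale ? issueToken(updated, now) : token, reissued: stale };
}
```

The React client would replace its stored token (and the matching Redux state) whenever the response carries a reissued one. The replaced token remains cryptographically valid until its `exp`, which is why the short lifetime matters.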

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Amit