Describe the bug
JWT not terminated after logout led to sensitive data exposure
To Reproduce
If the JWT token does not expire after the user logs out, it can lead to full account compromise once an attacker grasps the victim’s token since the token can be fetched from the browser history and logs.
Expected behavior
JWT should be terminated after logout
Screenshots
N/A
Additional context
N/A