a
Hi, we are not using a blacklisting way of force logging out users. This leaves us prone to unauthorised access until the expiry time of the token is reached. I believe even changing the token expiry in the core won’t change the existing tokens’ expiry, right? We have a scenario where we want to force logout a user and we can’t wait until the token gets expired. Is there a way to achieve it? I do know changing the signing key in core will lead to logging out of all the users. Thanks.
r
hey @anupam
> even changing the token expiry in the core won’t change the existing tokens’ expiry, right?
That is correct. Implementing force logout of a user requires querying some data source. So you can set the
checkDatabase: true
when calling getSession / verifySession, or you can implement your own caching mechanism where you store a list of userIds that are banned.
a
Is there something we can do to mitigate the issue at hand till we implement the checkDatabase or custom solution?
r
nothing without changing some code