Old JWT tokens can be used to impersonate a user
Old JWT tokens can be used to impersonate a user and create or update courses on his/her behalf, even after the user is logged out.
- Implement an exp of one week in the auth middleware
- Implement a refresh token in the following scenarios
  - Every time the user reopens the browser: create an API endpoint that refreshes the token if it is not expired and renews the exp time
- Refer here on refresh tokens
Edited by Aditya R Pai
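A sketch of the two items above, added here as an example and not taken from the project's code: an HS256 token with a one-week exp, the check an auth middleware would run, and a refresh that only renews a token that has not expired. The secret, the function names and the Express-style `req`/`res` wiring are assumptions.

```javascript
const crypto = require('crypto');

const WEEK_SECONDS = 7 * 24 * 60 * 60;    // "exp for a week" from the issue
const SECRET = 'constructed-demo-secret'; // assumption: real code loads this from config

const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 JWT whose exp is one week after `now` (seconds since epoch).
function issueToken(userId, now) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, iat: now, exp: now + WEEK_SECONDS }));
  return `${header}.${payload}.${b64url(mac(`${header}.${payload}`))}`;
}

// Return the claims when signature, algorithm and exp all check out, else null.
function verifyToken(token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = mac(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, 'base64url').toString());
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch { return null; }
  if (hdr.alg !== 'HS256') return null; // pin the algorithm
  if (typeof claims.exp !== 'number' || now >= claims.exp) return null; // expired or no exp
  return claims;
}

// Express-style auth middleware (hypothetical wiring): reject missing, forged or expired tokens.
function authMiddleware(req, res, next) {
  const token = (req.headers.authorization || '').replace(/^Bearer /, '');
  const claims = verifyToken(token, Math.floor(Date.now() / 1000));
  if (!claims) return res.status(401).json({ error: 'invalid or expired token' });
  req.user = claims.sub;
  return next();
}

// Refresh endpoint logic: only a still-valid token is exchanged for one with a renewed exp.
function refreshToken(token, now) {
  const claims = verifyToken(token, now);
  return claims ? issueToken(claims.sub, now) : null;
}
```

Expiry only bounds how long an old token stays usable: a token issued before logout is still accepted by `verifyToken` until its exp passes.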