how to destroy jwt token on logout at server side php

[gamotmohit]

There is no code available which can tell how can we destroy JWT token on server in PHP.

[GuiiSantos]

       if(isset($_SESSION['jwt_token'])) {
            unset($_SESSION['jwt_token']);
            $response = ["message" => "Destroyed session token"];
            echo json_encode($response);
        } else {
            $response = ["message" => "User is not logged in"];
            echo json_encode($response);
        }

You can use the unset function in PHP to destroy a JWT token stored in a session, as shown in your provided code. This will effectively remove the token from the session, making it invalid for future requests.

Good luck with your implementation!

[bshaffer]

@gamotmohit that's because the tokens are not stored anywhere by this library. So destroying them would depend on your implementation.

JWTs are created by this library in memory only. Because they are signed, the only way to destroy them would be to remove them from memory, or from whatever cache you're using.

If you have a more specific question, such as how to rotate the keys you are using to sign, try reading up on best practices for securing your application. Good luck!