I have a Django project:
Web App:
I will be creating a web app where Django serves the HTML pages.
Mobile App:
Here Django acts as the backend and Android acts as the frontend. Django API endpoints supply the data.
I am thinking of using JWT for both, but I am not sure how JWT can be managed in the web app.
Suppose someone opens the web app in two Chrome tabs for working convenience. After some time he logs out in one of the tabs.
If it's session cookies, then the other tab will ask for login if one tries to perform any authorized task.
How do I do this with JWT? I think the only way is that I have to expire the JWT.
But if I expire the JWT token I will face another problem.
Assume I am logged into the site in Firefox and Chrome simultaneously.
If I expire the JWT token to log out, then both the Chrome and Firefox sessions will be logged out. But I want to log out only on Chrome or Firefox and keep the other live.
For the mobile app: I am planning to use long-lived JWT tokens.
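
One way to get the per-browser logout described above, as an added example that is not part of the original post: each login receives its own token carrying a random session id, and logout records only that id in a server-side revocation list, so tabs sharing a token are logged out together while another browser's token stays valid. The `sid` claim, the function names and the in-memory set are assumptions for illustration; the token is built with the Python standard library only.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed signing key for this demo
REVOKED_SESSIONS = set()           # stand-in for a DB/cache table of logged-out session ids

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue_token(user: str, ttl: int = 3600) -> str:
    """One login (one browser or device) = one token with its own session id."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "sid": secrets.token_hex(16), "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_sign(header, body))}"

def verify_token(token: str):
    """Return the claims, or None if the token is forged, expired or logged out."""
    try:
        header, body, sig = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(_sign(header, body), _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) <= time.time():
        return None
    # The revocation lookup is what makes logout take effect before "exp".
    if claims.get("sid") in REVOKED_SESSIONS:
        return None
    return claims

def logout(token: str) -> None:
    """Revoke only the session this token belongs to; other logins are untouched."""
    claims = verify_token(token)
    if claims:
        REVOKED_SESSIONS.add(claims["sid"])
```

The revocation lookup makes every request stateful again, which is the trade-off for being able to end a single session before its `exp`; entries can be dropped from the list once the token they refer to has expired.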