Invalidate session for user in authentication


Jun 15, 2025 - 01:20
 0

When a user logs in to my web application (an article website), I'm using Redis to cache the refresh token. So when a user logs in I generate a refresh token and send it to him, while caching in my Redis the user id as key with the same id as value, something like this:

redis.set(
    `refresh:${user.dataValues.id}`,
    user.dataValues.id,
    "EX",
    +process.env.REFRESH_TOKEN_LIFE_TIME
);

But in the future, when I may need to add multi-device sessions, that will not be great, so I generate a JSON Token Id (jti), which is a UUID v4, and store it in the token payload. It will be something like this:

const jti = crypto.randomUUID();
redis.set(
    `refresh:${jti}`,
    user.dataValues.id, // It will be more info in the future
    "EX",
    +process.env.REFRESH_TOKEN_LIFE_TIME
);

And when the user requests another access token I rotate the refresh token and change the JTI; in short, I update my session.

But I have a small issue here. When a user changes his password I want to invalidate all sessions for him, and there is no way to invalidate all sessions except scanning all the values in my Redis. I thought of adding the user id together with the jti in the key and searching using matching keys, but the docs say that's not great for production due to many things like performance. So I'm thinking of caching the user id and all the JTIs he has, using either a set in Redis or some other way, and when I want to invalidate the sessions I just get that value from the user id, then get all JTIs from Redis and clear them.

The question: should I store the JTIs array? Or consider using a table in the database for auth, like Auth.js?