How can i expire my JWT token, when user is idle for sometime(Token based authorization) in nodeJS/Express and Angular

Question

I am generating the JWT token for a user when he logs in with correct credentials at Server side.Previously,I was storing the token in database and for every request I am getting the token from database which leads to bad practice(If i am not wrong).At client side(In my controller),i can store that token in $rootscope so that i can send that token with each and every request.I am unable to find where should i store my JWT token to access at server side for every request??

1. Some one,suggested me to use Redis to store JWT token.
2. If i use Redis,can i set maxAge for my token which deletes the token when user is idle for certain time??

Can any one please provide me the suggestions for my procedure?If it is wrong,Suggest me with a right approach!

Note:I am new to NodeJS/Express and AngularjS

Answer 1

JWT's have an exp claim. Set it to the time to which you want the tokens to be valid and have a check in the route if the token has expired. If it has, send a 401. Else let the route handle the request.

Answer 2

The simplest way:

Add 'validDate' field to token payload when you issue new token for logged user, then check this field when processing the request. If date is expired just return 401 error