The combination of a short-term session (represented as JWT) and a long-term session (represented as session ID with database entry) provides a convenient method for revoking sessions.

Revoking a session involves deleting the corresponding long-term session entry from the Corbado database. You can accomplish this easily through the developer panel by accessing the session list.

Technically speaking, the session will persist until the short-term session (represented as JWT) expires. Thus the revocation/logout will be delayed to a maximum of the short-term session (represented as JWT) lifetime.

RefreshOAuth2 comparison