Security

JWT Dual-Token Hardening Postmortem: From Stateless Refresh to Revocable Redis Sessions

A security hardening postmortem for JWT AT/RT architecture: treating Redis reservation as completed and implementing RT rotation, replay detection, and revocable sessions.