Token Authentication Logout: should I delete the token?

Question

I am building a token-authentication system for a mobile backend with Rails. I understand there is devise, but our auth path is kind like different so I build it from scratch.

Just curious, when a user log out. What should happen to the token in Mobile end and Server end.

1. Should the token in mobile end be deleted?
2. Should the token in server end be deleted? And a new will be generated when this user logged in again.

Thanks!

Answer 1

the token is unique by user and it used to identify the user ,so you don't delete it after logout ,for mobile you may save it to cookies to enable something like remember me but on the server you don't need to delete it