Home
In Depth Articles
Security Tips
Archives
About
Laravel Security Audits & Pentests
Practical Laravel Security Course

Sign in Subscribe

JWT

Security Tip: Your JWT Might Be a Forever Key!

Security Tips

Security Tip: Your JWT Might Be a Forever Key!

[Tip #127] Without an `exp` claim, a JWT can remain valid forever, turning a leaked token into permanent access.

By Stephen Rees-Carter 09 Mar 2026

Securing Laravel

The essential security resource for Laravel developers.

Recommendations

Practical Laravel Security
practicallaravelsecurity.com
A hands-on practical Laravel Security course that uses interactive hacking exercises to teach you how to keep your applications secure. Because learning security doesn’t have to be boring!
Laravel Security Audits and Penetration Testing
valorinsecurity.com
Worried about the security of your Laravel app, or have a compliance deadline coming up? Book in a Security Audit today and get your app secured, before a hacker comes along...
Laravel Security Reviews
stephenreescarter.net/laravel-security-reviews
Are you concerned about the security of your app, but don’t have the budget for a full Security Audit and Penetration Test? These fixed-price reviews are what you're looking for!

Subscribe
In Depth Articles
Security Tips
Archives
Stephen's Socials

Powered by Ghost

Securing Laravel

The essential security resource for Laravel developers.