From eb7b2290b8531ede452797c15b0ab7c299995f7a Mon Sep 17 00:00:00 2001
From: Dejan Ribarovski
Date: Thu, 23 Oct 2025 19:14:22 +0200
Subject: [PATCH] Update 7project/backend/app/core/security.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 7project/backend/app/core/security.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/7project/backend/app/core/security.py b/7project/backend/app/core/security.py
index 157f653..2093cbb 100644
--- a/7project/backend/app/core/security.py
+++ b/7project/backend/app/core/security.py
@@ -3,7 +3,14 @@ import re
 import jwt
 from fastapi import Request
-# Simple in-memory revocation store. In production, consider Redis or database.
+# Simple in-memory revocation store for revoked JWT tokens.
+#
+# Limitations:
+# - All revoked tokens will be lost if the process restarts (data loss on restart).
+# - Not suitable for multi-instance deployments: the revocation list is not shared between instances.
+# A token revoked in one instance will not be recognized as revoked in others.
+#
+# For production, use a persistent and shared store (e.g., Redis or a database).
 _REVOKED_TOKENS: set[str] = set()
 # Bearer token regex
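Review bot: The new limitations comment omits that `_REVOKED_TOKENS` is never pruned: nothing in this hunk removes an entry once the corresponding token has passed its `exp`, so a long-running process accumulates revoked entries without bound (if pruning happens elsewhere in the file, the comment should point to it). Suggest a third bullet, `# - Entries are never expired: revoked tokens stay in the set until restart, so memory grows with every revocation.` The comment also does not say what the strings are; if they are the raw bearer tokens, as the name suggests, the set keeps validly signed credentials in process memory, and storing the token's `jti` claim or a digest instead would be the safer design. Stating which value is stored, in a line such as `# Keys are <jti or digest — confirm>, not raw tokens.`, would let callers and auditors check that. The rest of the module continues outside the hunk.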