Update 7project/backend/app/core/security.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

7project/backend/app/core/security.py

@@ -3,7 +3,14 @@ import re
 import jwt
 from fastapi import Request
 
-# Simple in-memory revocation store. In production, consider Redis or database.
+# Simple in-memory revocation store for revoked JWT tokens.
+# 
+# Limitations:
+# - All revoked tokens will be lost if the process restarts (data loss on restart).
+# - Not suitable for multi-instance deployments: the revocation list is not shared between instances.
+#   A token revoked in one instance will not be recognized as revoked in others.
+# 
+# For production, use a persistent and shared store (e.g., Redis or a database).
 _REVOKED_TOKENS: set[str] = set()
 
 # Bearer token regex