In my project, every time a user logs in, a valid jwt record is generated for him. This way the user can manage all his login jwt record on different endpoints.
On apps, this works fine because an app generally only logs back in after logging out of previous login credentials.
On browsers it also works well if not in incognito mode, deleting when logging out.
But in incognito mode on browsers, if the user checks "stay logged in", a lot of jwt records are generated, but there is no opportunity to delete them unless it's a long time later.
Deleting them after a short period of time will cause "Stay logged in" to not work for users in normal browser mode.
What should I do?