diff --git a/README.md b/README.md index 57ecee0..5eb32ae 100644 --- a/README.md +++ b/README.md @@ -342,3 +342,19 @@ front-end for now and concentrate on my backend Go app. For now, I will just test my backend with `curl`. And today's job is to get the login part done! + +### 2024/10/13 + +Finally it took more than just one night for me to figure out the JWT. + +The JWT token is simple because it doesn't need to be stored to and fetched +from a database. But there is no way to revoke it instead of waiting for the +expiry date. + +To do so, we still have to use a database. We can store a logged out user's +jti into Redis, and each time we log in, look up the cache to find if the +user is logged out. And set the cache's timeout to the expiry time of the +token, so that it is removed automatically. + +It'd better to inject the dependency of Redis connection into the `Authn` +middleware so that it's simpler to test.
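Review bot: In the third added paragraph, "each time we log in, look up the cache" places the revocation check at the wrong point. A logged-out token is presented on ordinary authenticated requests, not at login, so the jti lookup belongs in the `Authn` middleware on every request that carries a token. Suggest rewording to say the middleware checks Redis for the token's jti on each request, and that what is revoked is the token identified by that jti rather than "the user", since a jti names one token and a user may hold more than one unexpired token. In the same paragraph, "set the cache's timeout to the expiry time of the token" would be clearer as the token's remaining lifetime (expiry minus the current time), so the entry is dropped exactly when the token would have expired anyway. Minor wording: in the second paragraph "instead of waiting" should read "other than waiting", and in the last paragraph "It'd better to" is missing "be".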