I have developed a simple logout feature in my React & Node.js Authentication service. It deletes only the JWT token saved in the cookie. Sure, we can extend this feature. For example to make a HTTP request and save in the DB the JWT token as deleted to block access to the people that have obtained in some way our JWT token or simply delete the sessions from other devices.