What we really need is a user-logout webhook for Jira Cloud; without it, our apps cannot synchronize the lifetime of the user sessions our apps create with the lifetimes of Jira user sessions. In other words, it’s possible for a cunning user to re-use an app-generated session token to interact with an app even after that user has logged out of Jira.
See also Ever been fired?