* Attempting to invalidate JWT on login (when locked out), but can't figure a way to get a JWT, since we don't store them.
Just committing as I'm going to remove the middleware, this is not worth the performance and complexity.
* Removed some security stuff that didn't line up.
* Dropping Token Expiration down to 2 days to test during release testing.
