It's important to touch on this.
As of Feb-2023, Memberships BETA has a few limitations based on its design and configuration.
Actually, even if you delete the user, they'll still be logged in and have full access to the site until their JWT auth token expires 4 hours after login. Even closing the browser won't log them out, Thanks for bringing this up because it was on my list of things to explore further and ask about so that I can use Memberships properly. I'm guessing that the tokens auto-refresh when they expire, as long as the browser is still open ( and the user active? ) within that refresh window. Webflow might reduce that 4 hour expiry to improve security but that probably comes with a tradeoff, in that users will have to login more often when they return to your site due to the shorter token-life. For upgrades, you can tell users to log-out and log back in to get their enhanced access. For downgrades and lock-outs, you're stuck waiting for the clock to run out. Basically that makes memberships well-suited for basic content delivery, but not suitable for access to sensitive content ( e.g. employee data ) or to sensitive actions that may need blocked. I probably wouldn't build forum software, or an auctions site based on the current BETA auth. Even a commenting system is a bit dicey. But... keen to see how it develops.
https://webflow.circle.so/c/memberships-beta/it-takes-hours-for-an-access-group-change-to-take-effect