solve the jwt lifecycle problem #6

Open
nourabousoha opened this issue Dec 29, 2017 · 2 comments
nourabousoha commented Dec 29, 2017

@rebirthtobi We have to solve the problem of the token life cycle: what should be done if the user logs out?
Should we store those tokens in the database and delete them at the end of the session?
We need your help, Tobi.

@rebirthtobi

Depends on the way we store the token, although it will be stored using local storage or session storage. On clicking logout, it will delete the session storage and local session on the client side, and there is nothing to do on the client side.

@nourabousoha

I mean the token that gives access to the API. It will always be a valid one, and if someone keeps his token he will always be able to use it.
So the solutions I read in tutorials speak about keeping track of all the deleted (a kind of blacklist) used tokens in the database and ensuring that the users don't use them again.
Please have a look at this post: https://stackoverflow.com/questions/31919067/how-can-i-revoke-a-jwt-token
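
The denylist approach raised in the comment above, sketched as an added example that is not code from this thread or from the project: each token carries a unique `jti`, logout records that `jti` until the token's own `exp`, and every API request checks the table. The HS256 secret, the in-memory SQLite table and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, sqlite3, uuid

SECRET = b"constructed-demo-key"          # assumption: HS256 with a server-side secret
db = sqlite3.connect(":memory:")          # stands in for the project's database
db.execute("CREATE TABLE revoked (jti TEXT PRIMARY KEY, exp INTEGER)")

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user, now, ttl=900):
    """Issue a short-lived token with a unique jti so it can be revoked individually."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "jti": uuid.uuid4().hex, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify(token, now):
    """Return the claims, or None if the token is forged, expired or revoked."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(header + "." + body)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims["exp"] <= now:
        return None
    hit = db.execute("SELECT 1 FROM revoked WHERE jti = ?", (claims["jti"],)).fetchone()
    return None if hit else claims

def logout(token, now):
    """Server-side logout: denylist the token's jti until its natural expiry."""
    claims = verify(token, now)
    if claims:
        db.execute("INSERT OR IGNORE INTO revoked VALUES (?, ?)", (claims["jti"], claims["exp"]))
    return claims is not None

def purge(now):
    """Expired tokens are rejected by exp anyway, so their rows can be dropped."""
    return db.execute("DELETE FROM revoked WHERE exp <= ?", (now,)).rowcount
```

Because every row can be purged once its `exp` has passed, the table stays no larger than the set of tokens revoked within one token lifetime, which is why a short `ttl` keeps the lookup cheap.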
