Invalidating JSON Web Tokens

夕颜 2020-11-22 06:17

For a new node.js project I'm working on, I'm thinking about switching over from a cookie based session approach (by this, I mean, storing an id to a key-value store conta

28 answers
  •  暗喜 (original poster)
    2020-11-22 06:57

    Late to the party; my two cents are given below after some research. During logout, make sure the following things are happening...

    Clear the client storage/session

    Update the user table's last login date-time and logout date-time whenever a login or logout happens, respectively. So the login date-time should always be greater than the logout date-time (or keep the logout date null if the current status is logged in and not yet logged out).

    This is far simpler than keeping an additional blacklist table and purging it regularly. Multiple-device support requires an additional table to keep loggedIn and logout dates, with some additional details like OS or client details.
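
The server-side check implied by the answer above, as an added example that is not part of the original answer or the poster's code. The `users` map stands in for the user table; `login`, `logout`, `isSessionLive`, the secret and the rule that compares the token's `iat` against the last login are assumptions of this example.

```javascript
const nodeCrypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value; use a managed secret in practice
const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (data) => nodeCrypto.createHmac("sha256", SECRET).update(data).digest();

// Minimal HS256 signer so the example runs without a JWT library.
function signToken(payload) {
  const unsigned = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${unsigned}.${b64url(hmac(unsigned))}`;
}

// Returns the payload when signature and exp are valid, otherwise null.
function verifyToken(token, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") return null;
    const given = Buffer.from(sig, "base64url");
    const expected = hmac(`${head}.${body}`);
    if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, "base64url"));
    return typeof payload.exp === "number" && payload.exp > nowSec ? payload : null;
  } catch {
    return null;
  }
}

// Hypothetical user table: sub -> { lastLogin, lastLogout }, epoch seconds or null.
function login(users, sub, nowSec) {
  users.set(sub, { lastLogin: nowSec, lastLogout: null }); // logout stays null while logged in
  return signToken({ sub, iat: nowSec, exp: nowSec + 3600 });
}

function logout(users, sub, nowSec) {
  const user = users.get(sub);
  if (user) user.lastLogout = nowSec;
}

// A token counts only while login is newer than logout (or logout is null).
// Assumption of this example: tokens issued before the current login are refused too.
function isSessionLive(token, users, nowSec) {
  const payload = verifyToken(token, nowSec);
  const user = payload ? users.get(payload.sub) : undefined;
  if (!user || user.lastLogin === null) return false;
  if (user.lastLogout !== null && user.lastLogout >= user.lastLogin) return false;
  return typeof payload.iat === "number" && payload.iat >= user.lastLogin;
}
```

With one row per user, a new login moves `lastLogin` forward and cuts off tokens held by any other device, which is the multi-device limitation the answer mentions.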
