BUG: Pressing logout does not invalidate token #9

New issue

Closed

opened 2020-12-31 06:27:55 +02:00 by hiimgoodpack · 1 comment

hiimgoodpack commented 2020-12-31 06:27:55 +02:00

Contributor

Copy link

When you press logout, your token can still be used.

In the implementation of /browser/token/clear, the only thing that's done is remove the cookie for the token.

When you press logout, your token can still be used. In the implementation of /browser/token/clear, the only thing that's done is remove the cookie for the token.

hippoz commented 2020-12-31 11:12:14 +02:00

Owner

Copy link

JWT tokens are very difficult to impossible to invalidate, due to the fact that they are only stored on the client. Issue will still remain open until I find a solution.

JWT tokens are very difficult to impossible to invalidate, due to the fact that they are only stored on the client. Issue will still remain open until I find a solution.

hippoz added the

bug

label 2020-12-31 13:15:56 +02:00

hippoz closed this issue 2021-09-10 23:08:38 +03:00

This repo is archived. You cannot comment on issues.

No Branch/Tag specified

Branches Tags

master

No results found.

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: hippoz/brainlet#9

No description provided.