余烬简单身份验证使其他用户无效
[英]ember simple auth invalidate other user
问题描述
I'm new to ember-simple-auth and I need some help. 
我是ember-simple-auth的新手,我需要一些帮助。 Say, there are 3 users, User A is Admin, User B and C are User. 假设有3个用户,用户A为管理员,用户B和C为用户。 User C somehow able to hack User B's account and currently is logged in as User B. User B asked User A to reset his password. 用户C以某种方式能够破解用户B的帐户,并且当前以用户B身份登录。用户B要求用户A重设其密码。
I want to invalidate User C's session (who is currently logged in as User B) after User A reset User B's password. 我想在用户A重设用户B的密码后使用户C的会话(当前以用户B身份登录)无效。
I'm thinking of saving each user's session in a database and every time the user logs out, the session in database is also removed. 我正在考虑将每个用户的会话保存在数据库中,并且每次用户注销时,数据库中的会话也会被删除。
1 个解决方案
解决方案1
1 已采纳 2015-10-22 08:42:15
Just delete or reset the user's token on the server side. 只需在服务器端删除或重置用户的令牌。 The next time they make a request with the old token they'd receive a 401 and will be logged out. 下次他们使用旧令牌进行请求时,他们会收到401,并将注销。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.