Authentication bearer token issue?

I am using bearer token based authentication. So when a user logs into the system, a flag is set to TRUE and saved in the database. And when he logs out, the flag is set to false.

But because I am using token-based authentication, the problem comes when a user removes cookies from the browser. So now if he clears the cookies, my flag is not set to false.

Here, I am using Angular.js, Node.js and MongoDB.

So when the cookie is cleared in the browser, there is no way you can identify the corresponding database record for the user when the request comes in.

So you need to run a cron or something to periodically clear the unwanted (expired) entities from the database, i.e.

Along with the flag, you also need to have a dateAdded property (or lastModified, whichever works for you); then you need to run cron and delete all entities which were created long back, or based on the expiration time of the access token.

Make sure the identifier you store in the cookie is random, so the database entity sits idle for some time till it gets cleared, but cannot be used by anyone.
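The cleanup approach described in the answer, sketched as an added example that is not part of the original post. It assumes an in-memory `Map` standing in for the MongoDB collection, a one-hour token lifetime, and hypothetical names (`SessionStore`, `sweep`, `TOKEN_TTL_MS`); `lastModified` is refreshed on each request as one of the two timestamp choices the answer mentions.

```javascript
// Added example: in-memory stand-in for the MongoDB session collection.
const { randomBytes } = require('node:crypto');

const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed access-token lifetime: 1 hour

class SessionStore {
  constructor(ttlMs = TOKEN_TTL_MS) {
    this.ttlMs = ttlMs;
    this.sessions = new Map(); // id -> { userId, loggedIn, lastModified }
  }

  // Login: create a record keyed by an unguessable 256-bit identifier.
  login(userId, now = Date.now()) {
    const id = randomBytes(32).toString('hex');
    this.sessions.set(id, { userId, loggedIn: true, lastModified: now });
    return id;
  }

  // Per-request check. An expired record is rejected even if the sweep
  // has not removed it yet, so an idle record can never be reused.
  validate(id, now = Date.now()) {
    const s = this.sessions.get(id);
    if (!s || !s.loggedIn || now - s.lastModified > this.ttlMs) return null;
    s.lastModified = now; // sliding expiry based on lastModified
    return s.userId;
  }

  // Explicit logout: the flag goes to false, as in the question.
  logout(id) {
    const s = this.sessions.get(id);
    if (s) s.loggedIn = false;
  }

  // Periodic job (the "cron"): drop logged-out and expired records,
  // which covers users who cleared their cookies and never logged out.
  sweep(now = Date.now()) {
    let removed = 0;
    for (const [id, s] of this.sessions) {
      if (!s.loggedIn || now - s.lastModified > this.ttlMs) {
        this.sessions.delete(id);
        removed++;
      }
    }
    return removed;
  }
}
```

In a running server, `sweep()` would be called on a timer or from a scheduled job at an interval shorter than the token lifetime.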
