
Authentication bearer token issue?

I am using bearer token based authentication. So when a user logs into the system, a flag is set to TRUE and saved in the database. And when he logs out, the flag is set to false.

But, because I am using token based authentication, the problem comes when a user removes cookies from the browser. So if he clears the cookies, my flag is not set to false.

Here, I am using Angular.js, Node.js and MongoDB.

So when the cookie is cleared in the browser, there is no way you can identify the corresponding database record for the user when the request comes in.

So you need to run a cron or something to periodically clear the unwanted (expired) entities from the database, i.e.

Along with the flag, you also need to have a dateAdded property (or lastModified, whichever works for you); then you need to run a cron and delete all entities which were created long back or based on the expiration time of the access token.

Make sure the identifier you store in the cookie is random, so the database entity sits idle for some time till it gets cleared, but cannot be used by anyone.
