Chiuso

How to prevent access_token reuse when logouted #424

hungvt creato 3 anni fa

Hi team, When i logout in angular, i using token copy from access_token in Local Storage to call api service by Postman. Reponse status is 200. How to prevent using access_token reuse when logouted? (Return 401) Thank!

ABP Framework version: v3.1.2
UI type: Angular
Tiered (MVC) or Identity Server Seperated (Angular): yes
Exception message and stack trace:
Steps to reproduce the issue:

2 risposte

0

gterdem creato 3 anni fa
Team di supporto Senior .NET Developer

Hello @hungvt,

It is related with your access token lifetime. Access Tokens used in frontend should have short life span and your application should be silently renewing it when required.

What is the point of using tokens instead of username/password if you'll keep it valid for 3 years, right?
0

alexander.nikonov creato 3 anni fa

Is it necessary to store tokens in Local Storage? Or in cookies? Isn't it possible to use headers only?

Hai una risposta a questa domanda? Accesso e scrivi la tua risposta.

Made with ❤️ on ABP v8.2.0-preview Updated on marzo 25, 2024, 15:11