
Identity server token #1352


vishalnikam created
  • ABP Framework version: v3.0.4
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Could you please help us with the queries below related to the access token?

  1. How to prevent a user from logging in multiple times and creating multiple simultaneous sessions?
  2. How to set the session or token timeout in the ABP framework? How is this handled if a user is idle for some time and should be logged out?
  3. Currently, the JSON web token (JWT) is not encrypted and can reveal the email (username) and expiration date of the token. How to encrypt it, or is there any configuration setting?

6 Answer(s)
  • alper created
    Support Team Director

    See https://support.abp.io/QA/Questions/536/How-to-Restrict-users-multiple-login-session

  • vishalnikam created

    What about the 3rd point? 3. Currently, the JSON web token (JWT) is not encrypted and can reveal the email (username) and expiration date of the token. How to encrypt it, or are there any configuration settings in ABP?

    Also, I didn't get a clear idea from the link below on how to implement session timeout and restrict multiple user logins for the Angular UI. Could you please elaborate on this?

    https://support.abp.io/QA/Questions/536/How-to-Restrict-users-multiple-login-session

  • alper created
    Support Team Director

    Basically, you can save all the generated tokens in a database table; when a new request comes, you'll query the database. Did you try this? https://stackoverflow.com/questions/36151800/asp-net-mvc-identity-securitystamp-signout-everywhere

  • Repunjay created

    Basically, you can save all the generated tokens in a database table; when a new request comes, you'll query the database.
    Did you try this? https://stackoverflow.com/questions/36151800/asp-net-mvc-identity-securitystamp-signout-everywhere

    Can you please advise on point #3? We have a vulnerability open which asks us to encrypt the JWT payload using the JSON Web Encryption (JWE) scheme. Does ABP support it? Please advise on steps to fix it.

  • Repunjay created

    Basically, you can save all the generated tokens in a database table; when a new request comes, you'll query the database.
    Did you try this? https://stackoverflow.com/questions/36151800/asp-net-mvc-identity-securitystamp-signout-everywhere

    Can you please advise on point #3? We have a vulnerability open which asks us to encrypt the JWT payload using the JSON Web Encryption (JWE) scheme. Does ABP support it? Please advise on steps to fix it.

    Any update on this request? Please advise.

  • alper created
    Support Team Director

    Hi, this is not related to the framework. Encrypting a JWT token is the subject of Identity Server, so it'd be better to ask in the IDS repository: https://github.com/IdentityServer/IdentityServer4
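
For point 3 of the question, the following added example (not part of the thread and not ABP or IdentityServer code) checks whether a token is a signed JWT, whose claims anyone holding it can decode, or has the five-segment JWE layout. The sample tokens and the `SENSITIVE` claim list are constructed assumptions.

```python
import base64
import json

# OIDC claim names treated as personal data here (an assumption; adjust to your policy).
SENSITIVE = ("email", "preferred_username", "name", "phone_number")

def b64url_decode(segment):
    """Decode unpadded base64url, as used by compact JWS/JWE serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_token(token):
    """Report what anyone holding the token can read without a key."""
    parts = token.split(".")
    if len(parts) not in (3, 5):
        raise ValueError("not a compact JWS (3 segments) or JWE (5 segments)")
    header = json.loads(b64url_decode(parts[0]))
    if len(parts) == 5:
        # JWE: header.encrypted_key.iv.ciphertext.tag -- claims are inside the ciphertext.
        return {"format": "JWE", "alg": header.get("alg"), "readable_claims": {}, "exposed": []}
    # JWS: header.payload.signature -- the payload is encoded, not encrypted.
    claims = json.loads(b64url_decode(parts[1]))
    exposed = [name for name in SENSITIVE if name in claims]
    return {"format": "JWS", "alg": header.get("alg"), "readable_claims": claims, "exposed": exposed}

def sample_jws():
    """Constructed token; the signature bytes are a placeholder, not a real signature."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"sub": "constructed-user-id", "email": "user@example.com", "exp": 1700000000}
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return ".".join([enc(header), enc(claims), b64url_encode(b"placeholder-signature")])

def sample_jwe_shape():
    """Constructed token with the five-segment JWE layout; the opaque segments are filler bytes."""
    header = b64url_encode(json.dumps({"alg": "RSA-OAEP", "enc": "A256GCM"}).encode())
    return ".".join([header] + [b64url_encode(b"opaque-%d" % i) for i in range(4)])

if __name__ == "__main__":
    for token in (sample_jws(), sample_jwe_shape()):
        print(inspect_token(token))
```

Running it against a token copied from the application shows which claims a scanner finding like the one described here is referring to; the signature is not verified, so the output says nothing about whether the token is authentic.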

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11