Open Closed

How to prevent access_token reuse when logouted #424


0
hungvt created

Hi team, When i logout in angular, i using token copy from access_token in Local Storage to call api service by Postman. Reponse status is 200. How to prevent using access_token reuse when logouted? (Return 401) Thank!

  • ABP Framework version: v3.1.2
  • UI type: Angular
  • Tiered (MVC) or Identity Server Seperated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

1 Answer(s)
  • 0
    gterdem created
    Support Team

    Hello @hungvt,

    It is related with your access token lifetime. Access Tokens used in frontend should have short life span and your application should be silently renewing it when required.

    What is the point of using tokens instead of username/password if you'll keep it valid for 3 years, right?