Closed

How to prevent access_token reuse when logouted #424

hungvt created 3 years ago

Hi team, When i logout in angular, i using token copy from access_token in Local Storage to call api service by Postman. Reponse status is 200. How to prevent using access_token reuse when logouted? (Return 401) Thank!

ABP Framework version: v3.1.2
UI type: Angular
Tiered (MVC) or Identity Server Seperated (Angular): yes
Exception message and stack trace:
Steps to reproduce the issue:

2 Answer(s)

0

gterdem created 3 years ago
Support Team Senior .NET Developer

Hello @hungvt,

It is related with your access token lifetime. Access Tokens used in frontend should have short life span and your application should be silently renewing it when required.

What is the point of using tokens instead of username/password if you'll keep it valid for 3 years, right?
0

alexander.nikonov created 3 years ago

Is it necessary to store tokens in Local Storage? Or in cookies? Isn't it possible to use headers only?

Have an answer to this question? Log in and write your answer.

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11