ABP Framework version: 4.1.3 UI type: Angular Tiered (MVC) or Identity Server Seperated (Angular): yes Exception message and stack trace: Steps to reproduce the issue:
Creating a new ticket as the previous ticket is closed - https://support.abp.io/QA/Questions/536/How-to-Restrict-users-multiple-login-session
Steps performed as per recommendation -
- We are saving latest token at the time of login in database.
- When user login next time again with new browser we are revoking all existing tokens.
- The api we are using to revoke token is https://localhost:44350/connect/revocation and its returning 200 OK
- While testing we have figure out even revoked token is giving results while testing from postman.
- When we login to new browser existing user is not logging out from the browser it because token still alive
What could be the reason for this behaviour even token is revoked and still we can access api’s?
4 Answer(s)
-
0
Hi
I will check it
-
0
Hi,
I can't reproduce the problem, can I check it remotely? shiwei.liang@volosoft.com
-
0
Thanks for your inputs.
I have incorporated all changes you have suggested as given urls
https://github.com/abpframework/abp-samples/blob/master/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.HttpApi.Host/IDSReferenceTokenHttpApiHostModule.cs#L131-L137
https://github.com/abpframework/abp-samples/blob/da789bb0737b9629e4171c2214f89479f3865f10/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.Domain/IdentityServer/IdentityServerDataSeedContributor.cs#L268
https://github.com/abpframework/abp-samples/blob/master/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.Domain/IdentityServer/IdentityServerDataSeedContributor.cs#L83-L88
Still we cannot access api’s from postman using revoked token.
Please let me know if we can have quick remote call to discuss and resolve the issue.
-
0
resolved
