
How to prevent access_token reuse when logged out #424


hungvt created

Hi team, when I log out in Angular, I use the token copied from access_token in Local Storage to call the API service with Postman. The response status is 200. How can I prevent access_token reuse after logging out? (Return 401) Thanks!

  • ABP Framework version: v3.1.2
  • UI type: Angular
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

2 Answer(s)
  • gterdem created
    Senior .NET Developer

    Hello @hungvt,

    It is related to your access token lifetime. Access tokens used in the frontend should have a short lifespan, and your application should silently renew them when required.

    What is the point of using tokens instead of username/password if you'll keep it valid for 3 years, right?

  • alexander.nikonov created

    Is it necessary to store tokens in Local Storage? Or in cookies? Isn't it possible to use headers only?
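
The lifetime point in gterdem's answer, as an added example that is not part of the thread or of ABP's code: a self-contained access token is accepted until its own `exp` claim passes, so the issued lifetime bounds how long a copied token keeps returning 200 after logout. The helper names, the sample tokens and the one-hour policy limit are constructed assumptions.

```javascript
// Added example: helper names and sample tokens are constructed for illustration.
// Decodes a JWT payload WITHOUT verifying the signature (lifetime audit only).
function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof claims.iat !== "number" || typeof claims.exp !== "number") {
    throw new Error("token lacks numeric iat/exp claims");
  }
  return claims;
}

// Time check a stateless API applies to a self-contained token: only the
// token's own exp claim against the server clock. A logout in the browser
// changes nothing here, which is why the copied token still gets a 200.
function isTimeValid(token, nowSec) {
  return nowSec < decodePayload(token).exp;
}

// Seconds a copied token stays usable after the user logs out.
function reuseWindowSec(token, logoutAtSec) {
  return Math.max(0, decodePayload(token).exp - logoutAtSec);
}

// Audit: flag tokens whose issued lifetime exceeds the policy maximum.
function auditLifetime(token, maxLifetimeSec) {
  const { iat, exp } = decodePayload(token);
  const lifetimeSec = exp - iat;
  return { lifetimeSec, ok: lifetimeSec <= maxLifetimeSec };
}

// Constructed sample token; the signature part is a placeholder, not a real one.
function sampleToken(iat, lifetimeSec) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const payload = { sub: "demo-user", iat, exp: iat + lifetimeSec };
  return [b64({ alg: "RS256", typ: "JWT" }), b64(payload), "constructed-sig"].join(".");
}

// Same login time (t=1000) and logout time (t=1100), two issued lifetimes.
const shortLived = sampleToken(1000, 300);      // 5 minutes
const longLived = sampleToken(1000, 31536000);  // 365 days (constructed value)
for (const [name, tok] of [["short", shortLived], ["long", longLived]]) {
  console.log(name, "reuse window after logout (s):", reuseWindowSec(tok, 1100),
              "audit (max 3600 s):", auditLifetime(tok, 3600));
}
```
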

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11