Comments (3)
rohfle
commented on June 14, 2024
2
There are a couple of limitations that I can see with JWTs by default
- Tokens will continue to work until they timeout even after logout
- You can use a token that has been "logged out" to refresh indefinitely
- There is no way to tell how many sessions you have active
You would need some sort of storage (redis, database, memory) to track sessions and revoked / logged out tokens until they timeout
I think the way to get instant logout with the example is by storing the JWT in a cookie. But the token will still be valid if used in another way (header, query, or manually set cookie) until it times out
From docs:
PROVIDED: LogoutHandlerThis is a provided function to be called on any logout endpoint, which will clear any cookies if SendCookie is set, and then call LogoutResponse.
The handler itself
func (mw *GinJWTMiddleware) LogoutHandler(c *gin.Context) {
// delete auth cookie
if mw.SendCookie {
// ... Set cookie
}
mw.LogoutResponse(c, http.StatusOK)
}Docs for setting the JWT in a cookie.
https://github.com/appleboy/gin-jwt#cookie-token
If SendCookie is not true then the JWT cookie will not be set.
from gin-jwt.
samsulbahari
commented on June 14, 2024
Have you found a solution?
from gin-jwt.
thangld322
commented on June 14, 2024
Can anyone answer please?
from gin-jwt.
Related Issues (20)
- signature is invalid
- Is it possible to use this middleware with two different token issuers ? HOT 2
- wrong gofight path HOT 3
- How to get claim message in LogoutResponse HOT 1
- Add ParseOption in order to skip claim validation in jwt.Parse method HOT 1
- Option to set a session cookie
- How to get token in register handler? HOT 2
- How do I get multipart/form-data's token? HOT 2
- The correct spelling of the parameter "Authorizator" might be "Authorizer"
- time zone reset again when using the TokenGenerator method HOT 1
- invalid memory address or nil pointer dereference on LoginHandler HOT 1
- How to add HMAC (AK/SK) authentication method on the basis of existing gin-jwt?
- Support for SSO/Oauth
- Is there a way to set the token timeout value dynamically depending on the user?
- How to generate api docs for token and refresh_token?
- MaxRefresh parameter question. HOT 1
- Bug or Feature? ErrExpiredToken string is 'Token is expired' in github.com/golang-jwt/jwt/v4 v4.4.3 HOT 1
- There is no way to override RefreshHandler HOT 2
- Can support dual tokens?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gin-jwt.