Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

is_single_device为false的情况下如何主动清除token? #24

Open
MzxVegle opened this issue Oct 18, 2024 · 1 comment
Open

is_single_device为false的情况下如何主动清除token? #24

MzxVegle opened this issue Oct 18, 2024 · 1 comment
Labels
help wanted Extra attention is needed question Further information is requested

Comments

@MzxVegle
Copy link

  1. is_single_device为false的情况下,clear是无效的么?看源码里获取了一下config就返回true了。那如果要注销某个用户怎么办?
  2. 多次调用generateToken生成同一个用户的token,这些token都是有效的,得等他到过期时间自己失效,也没法delete、clear或者重设个超时时间,这是不是不太合理啊?还是说这些东西得自己来实现,例如把生成出来的token信息存在session或者db里,这个库只是生成和解析token?
@Tinywan
Copy link
Owner

Tinywan commented Oct 18, 2024

  1. is_single_devicefalse clear是无效的。因为不存储令牌。
  2. generateToken 生成同一个用户的token都是有效的,未失效前都是有效的。目前安全的做法是令牌时间设置短一些或者开启单点登录 is_single_devicetrue

@Tinywan Tinywan added help wanted Extra attention is needed question Further information is requested labels Nov 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Tinywan @MzxVegle