Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Offline logout
Search
Igor Wojda
March 26, 2018
Technology
350
2
Share
Offline logout
Interesting logout use case.
Igor Wojda
March 26, 2018
More Decks by Igor Wojda
See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
240
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.7k
Modern, maintainable and coRRRect project
igorwojda
0
190
Why do we need Clean Architecture
igorwojda
23
8.8k
Other Decks in Technology
See All in Technology
エージェントスキルを作って自分のインプットに役立てよう
tsubakimoto_s
0
510
知ってた?JavaScriptの"正しさ"を検証するテストが5万以上もあること(Test262)
riyaamemiya
0
130
AWS Transform CustomでIaCコードを自由自在に変換しよう
duelist2020jp
0
230
AgentCore Managed Harness を使ってみよう
yakumo
2
300
試作とデモンストレーション / Prototyping and Demonstrations
ks91
PRO
0
160
アクセシビリティはすべての人のもの
tomokusaba
0
230
Angular Architecture Revisited Modernizing Angular Architectural Patterns
rainerhahnekamp
0
120
小説執筆のハーネスエンジニアリング
yoshitetsu
0
910
GitHub Copilot CLI と VS Code Agent Mode の使い分け
tomokusaba
0
130
小さいVue.jsを30分で作る
hal_spidernight
0
130
ブラウザの投機的読み込みと投機ルールAPIを理解し、Webサービスのパフォーマンスを最適化する
shuta13
2
260
ServiceNow Knowledge 26 の歩き方
manarobot
0
310
Featured
See All Featured
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
820
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
110
WENDY [Excerpt]
tessaabrams
10
37k
The Mindset for Success: Future Career Progression
greggifford
PRO
0
320
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.8k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
290
GraphQLの誤解/rethinking-graphql
sonatard
75
12k
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
180
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
240
Docker and Python
trallard
47
3.8k
Ruling the World: When Life Gets Gamed
codingconduct
0
220
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.5k
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why this is not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X
No network
Option 2 – delete device token device when online Logout
Request X No network
Logout user latter using the token Remove token instantly Goals
Solution?
Token Logout token Authentication token
Token Press logout Is online? Delete authentication token Logout (hit
logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES
• https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •
https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading
Thanks! ANY QUESTIONS? You can find me at @igorwojda
[email protected]
igorwojda
tsubakimoto_s
riyaamemiya
duelist2020jp
yakumo
ks91
tomokusaba
rainerhahnekamp
yoshitetsu
hal_spidernight
shuta13
manarobot
aleyda
marketingsoph
tessaabrams
greggifford
jnunemaker
tammyeverts
sonatard
sabderemane
techseoconnect
trallard
codingconduct
signer
![Thanks! ANY QUESTIONS? You can find me at @igorwojda [email protected]](https://files.speakerdeck.com/presentations/b8c4a9c8ad104b868ad42c65731a8a6a/slide_22.jpg){kind=link}