Offline logout
Igor Wojda
March 26, 2018
Interesting logout use case.
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why is this not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X No network
Option 2 – delete device token when online Logout Request X No network
Goals: Remove token instantly. Logout user later using the token.
Solution?
Token: Logout token, Authentication token
Token: Press logout → Delete authentication token → Is online?
YES: Logout (hit logout endpoint sending logout token) → Invalidate both tokens, Unregister device from receiving notifications
NO: Schedule logout job → Job scheduler runs logout job → Is online? YES: Logout (as above)
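The flow on the slide above, as an added example that is not part of the original deck: a client deletes its authentication token at once and keeps only the logout token for a queued job that runs when connectivity returns. The `Server` and `Client` classes, the in-memory token store, the pending-job list standing in for a platform job scheduler, and the use of the logout token as the notification registration key are all assumptions made for illustration.

```python
import secrets

class Server:
    """Constructed in-memory stand-in for the backend (assumption, not a real API)."""
    def __init__(self):
        self.sessions = {}            # logout_token -> auth_token
        self.push_registered = set()  # devices still receiving notifications

    def login(self):
        auth, logout = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[logout] = auth
        self.push_registered.add(logout)
        return auth, logout

    def is_valid(self, auth_token):
        return auth_token in self.sessions.values()

    def logout(self, logout_token):
        # Invalidate both tokens and unregister the device from notifications.
        # Idempotent, so a retried logout job cannot fail on a closed session.
        self.sessions.pop(logout_token, None)
        self.push_registered.discard(logout_token)

class Client:
    def __init__(self, server):
        self.server, self.online = server, True
        self.auth_token = self.logout_token = None
        self.pending_logouts = []     # stands in for the platform job scheduler

    def login(self):
        self.auth_token, self.logout_token = self.server.login()

    def press_logout(self):
        self.auth_token = None        # goal 1: remove token instantly
        self.pending_logouts.append(self.logout_token)
        self.logout_token = None
        self.run_logout_jobs()        # completes immediately when online

    def run_logout_jobs(self):
        # Called on logout and again whenever connectivity returns.
        while self.online and self.pending_logouts:
            self.server.logout(self.pending_logouts[0])
            self.pending_logouts.pop(0)   # drop the job only after it succeeded
```

Between `press_logout()` and the queued job running, the server still accepts the old authentication token, which is why the renewal timeout from the earlier slide still matters for a device that never comes back online.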
Materials worth reading
• https://android.jlelse.eu/solving-offline-logout-problem-f3b50da49e7e
• https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_Expiration
• https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
Thanks! ANY QUESTIONS? You can find me at @igorwojda