Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Offline logout

Igor Wojda
March 26, 2018
Technology
2
310

Offline logout

Interesting logout use case.

Igor Wojda

March 26, 2018
Tweet

More Decks by Igor Wojda

See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
160
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.6k
Modern, maintainable and coRRRect project
igorwojda
0
150
Why do we need Clean Architecture
igorwojda
23
8.6k

Other Decks in Technology

See All in Technology
Writing Ruby Scripts with TypeProf
mame
0
350
生成AIのユースケースをとにかく集めてまるっと学ぶ!/ all about generative ai usecases
gakumura
2
220
Automatically generating types by running tests
sinsoku
2
3.6k
Cursor AgentによるパーソナルAIアシスタント育成入門―業務のプロンプト化・MCPの活用
os1ma
15
5.1k
AI Agentを「期待通り」に動かすために:設計アプローチの模索と現在地
kworkdev
PRO
2
470
ここはMCPの夜明けまえ
nwiizo
30
11k
Oracle Cloud Infrastructure:2025年4月度サービス・アップデート
oracle4engineer
PRO
0
100
Стильный код: натуральный поиск редких атрибутов по картинке. Юлия Антохина, Data Scientist, Lamoda Tech
lamodatech
0
780
AWSの新機能検証をやる時こそ、Amazon Qでプロンプトエンジニアリングを駆使しよう
duelist2020jp
1
270
Making a MIDI controller device with PicoRuby/R2P2 (RubyKaigi 2025 LT)
risgk
1
310
勝手に!深堀り!Cloud Run worker pools / Deep dive Cloud Run worker pools
iselegant
3
490
今日からはじめるプラットフォームエンジニアリング
jacopen
8
1.6k

Featured

See All Featured
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
47
2.7k
How to train your dragon (web standard)
notwaldorf
90
6k
Side Projects
sachag
453
42k
How to Ace a Technical Interview
jacobian
276
23k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
For a Future-Friendly Web
brad_frost
176
9.7k
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.8k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Music & Morning Musume
bryan
47
6.5k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
2.9k
Adopting Sorbet at Scale
ufuk
76
9.3k

Transcript

  1. Solving offline logout By Igor Wojda @igorwojda

  2. Not so long long time ago...

  3. Username & password Login request Other request Other request

  4. Why this is not very secure?

  5. Username & password

  6. Solution?

  7. Token 209eb9bb-2f6c-40d6-a9b9-912257492b61

  8. Token

  9. Token Renewal Timeout

  10. Token per client

  11. Token invalidate

  12. Online Logout

  13. Online logout Logout Request Additional operations

  14. Offline Logout

  15. Offline logout Logout Request X No network

  16. Option 1 – delete device token instantly Logout Request X

    No network

  17. Option 2 – delete device token device when online Logout

    Request X No network

  18. Logout user latter using the token Remove token instantly Goals

  19. Solution?

  20. Token Logout token Authentication token

  21. Token Press logout Is online? Delete authentication token Logout (hit

    logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES

  22. • https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •

    https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading

  23. Thanks! ANY QUESTIONS? You can find me at @igorwojda igor.wojda@gmail.com