Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Offline logout

Avatar for Igor Wojda Igor Wojda
March 26, 2018
Technology
2
320

Offline logout

Interesting logout use case.

Avatar for Igor Wojda

Igor Wojda

March 26, 2018
Tweet

More Decks by Igor Wojda

See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
Avatar for Igor Wojda igorwojda
2
190
Droidcon 2020. Why We Need Clean Architecture
Avatar for Igor Wojda igorwojda
4
1.6k
Modern, maintainable and coRRRect project
Avatar for Igor Wojda igorwojda
0
160
Why do we need Clean Architecture
Avatar for Igor Wojda igorwojda
23
8.7k

Other Decks in Technology

See All in Technology
AI人生苦節10年で会得したAIがやること_人間がやること.pdf
Avatar for shibuiwilliam shibuiwilliam
1
270
Amazon Q と『音楽』-ゲーム音楽もAmazonQで作成してみた感想-
Avatar for いのうえ senseofunity129
0
100
隙間時間で爆速開発! Claude Code × Vibe Coding で作るマニュアル自動生成サービス
Avatar for Akitomo Sato akitomonam
3
250
o11yツールを乗り換えた話
Avatar for tak0x00 tak0x00
1
240
バクラクによるコーポレート業務の自動運転 #BetAIDay
Avatar for LayerX layerx
PRO
1
840
S3 Glacier のデータを Athena からクエリしようとしたらどうなるのか/try-to-query-s3-glacier-from-athena
Avatar for emi emiki
0
180
2025新卒研修・HTML/CSS #弁護士ドットコム
Avatar for 弁護士ドットコム bengo4com
3
13k
2時間で300+テーブルをデータ基盤に連携するためのAI活用 / FukuokaDataEngineer
Avatar for Sansan R&D sansan_randd
0
130
反脆弱性(アンチフラジャイル)とデータ基盤構築
Avatar for CUEBiC Inc. cuebic9bic
2
160
Vision Language Modelと自動運転AIの最前線_20250730
Avatar for Yu Yamaguchi yuyamaguchi
3
1.1k
AIエージェントを現場で使う / 2025.08.07 著者陣に聞く!現場で活用するためのAIエージェント実践入門(Findyランチセッション)
Avatar for Shumpei Miyawaki smiyawaki0820
6
660
相互運用可能な学修歴クレデンシャルに向けた標準技術と国際動向
Avatar for Naohiro Fujie fujie
0
200

Featured

See All Featured
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
58
9.5k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
35
2.5k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
28
3.9k
Code Review Best Practice
Avatar for Trisha Gee trishagee
69
19k
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
31
1.3k
Scaling GitHub
Avatar for Zach Holman holman
461
140k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
110
19k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k

Transcript

  1. Solving offline logout By Igor Wojda @igorwojda

  2. Not so long long time ago...

  3. Username & password Login request Other request Other request

  4. Why this is not very secure?

  5. Username & password

  6. Solution?

  7. Token 209eb9bb-2f6c-40d6-a9b9-912257492b61

  8. Token

  9. Token Renewal Timeout

  10. Token per client

  11. Token invalidate

  12. Online Logout

  13. Online logout Logout Request Additional operations

  14. Offline Logout

  15. Offline logout Logout Request X No network

  16. Option 1 – delete device token instantly Logout Request X

    No network

  17. Option 2 – delete device token device when online Logout

    Request X No network

  18. Logout user latter using the token Remove token instantly Goals

  19. Solution?

  20. Token Logout token Authentication token

  21. Token Press logout Is online? Delete authentication token Logout (hit

    logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES

  22. • https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •

    https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading

  23. Thanks! ANY QUESTIONS? You can find me at @igorwojda igor.wojda@gmail.com