Save 37% off PRO during our Black Friday Sale! »

Offline logout

E481624463bdb1c97c46e2155408acb4?s=47 Igor Wojda
March 26, 2018
Technology
2
180

Offline logout

Interesting logout use case.

E481624463bdb1c97c46e2155408acb4?s=128

Igor Wojda

March 26, 2018
Tweet

More Decks by Igor Wojda

See All by Igor Wojda
E481624463bdb1c97c46e2155408acb4?s=48 igorwojda
3
1.1k
E481624463bdb1c97c46e2155408acb4?s=48 igorwojda
0
100
E481624463bdb1c97c46e2155408acb4?s=48 igorwojda
23
6.9k

Other Decks in Technology

See All in Technology
C825832c4fc71ffdfd44905729281fb0?s=48 puhitaku
0
2.8k
997716e957fe4db19491b2794346a7ce?s=48 airreader
0
290
D0a6969000c3715087b3a00abd646d20?s=48 timeseriesfr
0
220
D8d463da5ab4a99265ffc1d12e76cbc9?s=48 sagara
0
180
4852f047f15c6ef357eb08c62d1c31bf?s=48 shimasan
0
220
53850955f15249a1a9dc49df6113e400?s=48 line_developers
PRO
0
250
11ab209b6dcacad4e5aa841af533a937?s=48 katahiro12345
0
100
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
0
1k
A60224e356e52f631bec70bc9df52889?s=48 empitsu
2
2k
88964b936e864ca7d326272eaa70fa9a?s=48 hgsgtk
PRO
11
4k
D0a6969000c3715087b3a00abd646d20?s=48 timeseriesfr
0
230
A13fd21165bce344d35fd1d1245e14f2?s=48 aachan5550
0
350

Featured

See All Featured
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
180
14k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
148
20k
48c098b6579220a67a6ba949be6e4b5a?s=48 revolveconf
204
10k
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
288
19k
11c84dff30266b907714802088852677?s=48 jasonvnalue
88
8.4k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
191
14k
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
211
7.2k
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
223
120k
Ba530e786553390f3fb271848485681c?s=48 3n
169
23k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
595
210k
B47b288784fda77a94aeb234ca743c24?s=48 keavy
111
15k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.7k

Transcript

  1. Solving offline logout By Igor Wojda @igorwojda

  2. Not so long long time ago...

  3. Username & password Login request Other request Other request

  4. Why this is not very secure?

  5. Username & password

  6. Solution?

  7. Token 209eb9bb-2f6c-40d6-a9b9-912257492b61

  8. Token

  9. Token Renewal Timeout

  10. Token per client

  11. Token invalidate

  12. Online Logout

  13. Online logout Logout Request Additional operations

  14. Offline Logout

  15. Offline logout Logout Request X No network

  16. Option 1 – delete device token instantly Logout Request X

    No network

  17. Option 2 – delete device token device when online Logout

    Request X No network

  18. Logout user latter using the token Remove token instantly Goals

  19. Solution?

  20. Token Logout token Authentication token

  21. Token Press logout Is online? Delete authentication token Logout (hit

    logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES

  22. • https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •

    https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading

  23. Thanks! ANY QUESTIONS? You can find me at @igorwojda igor.wojda@gmail.com