Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Offline logout

Avatar for Igor Wojda Igor Wojda
March 26, 2018
Technology
2
320

Offline logout

Interesting logout use case.

Avatar for Igor Wojda

Igor Wojda

March 26, 2018
Tweet

More Decks by Igor Wojda

See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
Avatar for Igor Wojda igorwojda
2
190
Droidcon 2020. Why We Need Clean Architecture
Avatar for Igor Wojda igorwojda
4
1.6k
Modern, maintainable and coRRRect project
Avatar for Igor Wojda igorwojda
0
170
Why do we need Clean Architecture
Avatar for Igor Wojda igorwojda
23
8.7k

Other Decks in Technology

See All in Technology
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
8.6k
LLMエージェント時代に適応した開発フロー
Avatar for Yuya Hirayama hiragram
1
410
あとはAIに任せて人間は自由に生きる
Avatar for Kentaro Kuribayashi kentaro
3
1.1k
我々は雰囲気で仕事をしている / How can we do vibe coding as well
Avatar for Naomi Yamasaki naospon
2
220
ABEMAにおける 生成AI活用の現在地 / The Current Status of Generative AI at ABEMA
Avatar for Yuji Hato dekatotoro
0
650
Understanding Go GC #coefl_go_jp
Avatar for 弁護士ドットコム bengo4com
0
1.1k
Backboneとしてのtimm2025
Avatar for yu4u yu4u
4
1.5k
帳票Vibe Coding
Avatar for terurou terurou
0
140
「守る」から「進化させる」セキュリティへ ~AWS re:Inforce 2025参加報告~ / AWS re:Inforce 2025 Participation Report
Avatar for Yuji Oshima yuj1osm
1
120
DeNA での思い出 / Memories at DeNA
Avatar for Kuniwak orgachem
PRO
3
1.6k
[CVPR2025論文読み会] Linguistics-aware Masked Image Modeling for Self-supervised Scene Text Recognition
Avatar for So Uchida s_aiueo32
0
210
実践アプリケーション設計 ③ドメイン駆動設計
Avatar for Recruit recruitengineers
PRO
1
180

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
890
Designing for Performance
Avatar for Lara Hogan lara
610
69k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
231
18k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
347
40k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
Done Done
Avatar for chrislema chrislema
185
16k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
50
5.5k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k

Transcript

  1. Solving offline logout By Igor Wojda @igorwojda

  2. Not so long long time ago...

  3. Username & password Login request Other request Other request

  4. Why this is not very secure?

  5. Username & password

  6. Solution?

  7. Token 209eb9bb-2f6c-40d6-a9b9-912257492b61

  8. Token

  9. Token Renewal Timeout

  10. Token per client

  11. Token invalidate

  12. Online Logout

  13. Online logout Logout Request Additional operations

  14. Offline Logout

  15. Offline logout Logout Request X No network

  16. Option 1 – delete device token instantly Logout Request X

    No network

  17. Option 2 – delete device token device when online Logout

    Request X No network

  18. Logout user latter using the token Remove token instantly Goals

  19. Solution?

  20. Token Logout token Authentication token

  21. Token Press logout Is online? Delete authentication token Logout (hit

    logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES

  22. • https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •

    https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading

  23. Thanks! ANY QUESTIONS? You can find me at @igorwojda [email protected]