Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Offline logout
Search
Igor Wojda
March 26, 2018
Technology
2
320
Offline logout
Interesting logout use case.
Igor Wojda
March 26, 2018
Tweet
Share
More Decks by Igor Wojda
See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
200
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.6k
Modern, maintainable and coRRRect project
igorwojda
0
170
Why do we need Clean Architecture
igorwojda
23
8.8k
Other Decks in Technology
See All in Technology
QA業務を変える(!?)AIを併用した不具合分析の実践
ma2ri
0
150
ソフトウェアエンジニアの生成AI活用と、これから
lycorptech_jp
PRO
0
910
Azure Well-Architected Framework入門
tomokusaba
1
130
Amazon Athena で JSON・Parquet・Iceberg のデータを検索し、性能を比較してみた
shigeruoda
1
130
AWS DMS で SQL Server を移行してみた/aws-dms-sql-server-migration
emiki
0
250
IoTLT@ストラタシスジャパン_20251021
norioikedo
0
140
NLPコロキウム20251022_超効率化への挑戦: LLM 1bit量子化のロードマップ
yumaichikawa
3
510
OCIjp_Oracle AI World_Recap
shinpy
1
180
クラウドとリアルの融合により、製造業はどう変わるのか?〜クラスメソッドの製造業への取組と共に〜
hamadakoji
0
440
あなたの知らない Linuxカーネル脆弱性の世界
recruitengineers
PRO
3
160
【SORACOM UG Explorer 2025】さらなる10年へ ~ SORACOM MVC 発表
soracom
PRO
0
150
Okta Identity Governanceで実現する最小権限の原則 / Implementing the Principle of Least Privilege with Okta Identity Governance
tatsumin39
0
170
Featured
See All Featured
Keith and Marios Guide to Fast Websites
keithpitt
411
23k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
2.9k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
130k
Writing Fast Ruby
sferik
630
62k
VelocityConf: Rendering Performance Case Studies
addyosmani
333
24k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Intergalactic Javascript Robots from Outer Space
tanoku
272
27k
Visualization
eitanlees
149
16k
The Language of Interfaces
destraynor
162
25k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.7k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
116
20k
Into the Great Unknown - MozCon
thekraken
40
2.1k
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why this is not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X
No network
Option 2 – delete device token device when online Logout
Request X No network
Logout user latter using the token Remove token instantly Goals
Solution?
Token Logout token Authentication token
Token Press logout Is online? Delete authentication token Logout (hit
logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES
• https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •
https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading
Thanks! ANY QUESTIONS? You can find me at @igorwojda
[email protected]