Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Offline logout

Igor Wojda
March 26, 2018
Technology
2
300

Offline logout

Interesting logout use case.

Igor Wojda

March 26, 2018
Tweet

More Decks by Igor Wojda

See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
130
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.6k
Modern, maintainable and coRRRect project
igorwojda
0
150
Why do we need Clean Architecture
igorwojda
23
8.5k

Other Decks in Technology

See All in Technology
2025-02-21 ゆるSRE勉強会 Enhancing SRE Using AI
yoshiiryo1
1
270
スタートアップ1人目QAエンジニアが QAチームを立ち上げ、“個”からチーム、 そして“組織”に成長するまで / How to set up QA team at reiwatravel
mii3king
2
1.5k
モノレポ開発のエラー、誰が見る?Datadog で実現する適切なトリアージとエスカレーション
biwashi
6
800
エンジニアが加速させるプロダクトディスカバリー 〜最速で価値ある機能を見つける方法〜 / product discovery accelerated by engineers
rince
2
250
TAMとre:Capセキュリティ編 〜拡張脅威検出デモを添えて〜
fujiihda
2
240
データの品質が低いと何が困るのか
kzykmyzw
6
1.1k
『衛星データ利用の方々にとって近いようで触れる機会のなさそうな小話 ~ 衛星搭載ソフトウェアと衛星運用ソフトウェア (実物) を動かしながらわいわいする編 ~』 @日本衛星データコミニティ勉強会
meltingrabbit
0
140
Developer Summit 2025 [14-D-1] Yuki Hattori
yuhattor
19
6.2k
エンジニアのためのドキュメント力基礎講座〜構造化思考から始めよう〜(2025/02/15jbug広島#15発表資料)
yasuoyasuo
16
6.6k
Oracle Cloud Infrastructure:2025年2月度サービス・アップデート
oracle4engineer
PRO
1
200
一度 Expo の採用を断念したけど、 再度 Expo の導入を検討している話
ichiki1023
1
160
エンジニアの育成を支える爆速フィードバック文化
sansantech
PRO
3
1.1k

Featured

See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
12
960
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
Large-scale JavaScript Application Architecture
addyosmani
511
110k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.8k
Building Applications with DynamoDB
mza
93
6.2k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
A designer walks into a library…
pauljervisheath
205
24k
Being A Developer After 40
akosma
89
590k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
30
4.6k
Scaling GitHub
holman
459
140k

Transcript

  1. Solving offline logout By Igor Wojda @igorwojda

  2. Not so long long time ago...

  3. Username & password Login request Other request Other request

  4. Why this is not very secure?

  5. Username & password

  6. Solution?

  7. Token 209eb9bb-2f6c-40d6-a9b9-912257492b61

  8. Token

  9. Token Renewal Timeout

  10. Token per client

  11. Token invalidate

  12. Online Logout

  13. Online logout Logout Request Additional operations

  14. Offline Logout

  15. Offline logout Logout Request X No network

  16. Option 1 – delete device token instantly Logout Request X

    No network

  17. Option 2 – delete device token device when online Logout

    Request X No network

  18. Logout user latter using the token Remove token instantly Goals

  19. Solution?

  20. Token Logout token Authentication token

  21. Token Press logout Is online? Delete authentication token Logout (hit

    logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES

  22. • https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •

    https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading

  23. Thanks! ANY QUESTIONS? You can find me at @igorwojda [email protected]