Igor Wojda
March 26, 2018
Offline logout
Interesting logout use case.
Transcript
Solving offline logout, by Igor Wojda (@igorwojda)
Not so long ago...
Username & password: Login request, Other request, Other request
Why is this not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout: Logout Request, Additional operations
Offline Logout
Offline logout: Logout Request X (No network)
Option 1 – delete device token instantly: Logout Request X (No network)
Option 2 – delete device token when device is online: Logout Request X (No network)
Goals: Logout user later using the token; Remove token instantly
Solution?
Token: Logout token + Authentication token
Token (logout flow):
Press logout → Delete authentication token → Is online?
YES → Logout (hit logout endpoint sending logout token) → Invalidate both tokens, Unregister device from receiving notifications
NO → Schedule logout job → Job scheduler runs logout job → Is online? → YES → Logout
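The flow above as a runnable sketch, added here as an example and not taken from the deck: `Server` is a constructed in-memory stand-in for the backend, and all class, method and field names are hypothetical.

```python
# Added example: names are hypothetical, the server is a constructed in-memory stub.
import uuid

class Server:
    def __init__(self):
        self.sessions = {}         # logout token -> (auth token, device id)
        self.push_devices = set()  # devices registered for notifications

    def login(self, device_id):
        auth, logout = str(uuid.uuid4()), str(uuid.uuid4())
        self.sessions[logout] = (auth, device_id)
        self.push_devices.add(device_id)
        return auth, logout

    def is_valid(self, auth):
        return any(a == auth for a, _ in self.sessions.values())

    def logout(self, logout_token):
        # Logout endpoint: invalidate both tokens, unregister the device.
        entry = self.sessions.pop(logout_token, None)
        if entry:
            self.push_devices.discard(entry[1])
        return entry is not None

class Client:
    def __init__(self, server, device_id):
        self.server, self.online, self.pending_job = server, True, False
        self.auth_token, self.logout_token = server.login(device_id)

    def press_logout(self):
        self.auth_token = None       # remove the authentication token instantly
        if not self._try_logout():
            self.pending_job = True  # no network: schedule the logout job

    def run_scheduled_job(self):
        # Invoked by the job scheduler; retries until the device is online.
        if self.pending_job and self._try_logout():
            self.pending_job = False

    def _try_logout(self):
        if not self.online:
            return False
        self.server.logout(self.logout_token)  # log out using the logout token
        self.logout_token = None
        return True
```

Between `press_logout()` while offline and the first successful `run_scheduled_job()`, the server still accepts the old authentication token, so server-side token expiry continues to bound that window.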
Materials worth reading:
• https://android.jlelse.eu/solving-offline-logout-problem-f3b50da49e7e
• https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_Expiration
• https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
Thanks! ANY QUESTIONS? You can find me at @igorwojda
[email protected]