You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 22, 2022. It is now read-only.
@ekryski , I just found that even after calling app.logout(), the client can still fetch data from server which are supposed to be restricted to authenticated. this might be the same issue you mentioned here?
@beeplin that one is related to #122. We remove the token from localStorage but the token is still hanging around in the cookie. I've fixed that in the v0.6.1 branch and should be merging that tonight/tomorrow.
This issue will take that further and make sure that token can never be used again by anyone.
So I did a bit of digging and reading this weekend and I don't think this is really an issue if we keep the TTL's of tokens really short and implement a refresh token mechanism. I'm going to close this.
This is dependent on https://github.com/feathersjs/feathers-authentication/issues/73.
The text was updated successfully, but these errors were encountered: