I'm going to use JWT in my project for authentication. But during implementation I ran into some problems that I didn't resolve by reading a lot of documentation.
- After getting the token I need to store it locally. I can use a cookie but I'm not sure that it will be secure. It is easy to open the dev tools in the browser, take the token and use it independently of the account owner. What's the best way to store it?
- I got the token again. It has information about my account and my permissions. But after that I changed the password and my permissions were changed. And my token hasn't expired yet and I still have access with my old data. I can compare its data with the data in the data source but I'm not sure that it is good for performance. How to fix it?
- This question is similar to the second one. I found suspicious activity on my account so I want to drop all the tokens. How can I do it?
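
The situation in the second and third points, as an added example that is not part of the original post: one common way to make the comparison with the data source cheap is a per-user version counter carried in the token and checked with a single keyed lookup. The `ver` claim, the `token_versions` store, the key and the function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed sample key, not a real secret
token_versions = {"alice": 1}      # hypothetical store: one small row per user

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue(user: str, ttl: int = 900) -> str:
    """Issue an HS256 token carrying the user's current version ("ver")."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "exp": int(time.time()) + ttl,
              "ver": token_versions[user]}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify(token: str):
    """Return the claims, or None if forged, expired or revoked."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(header + "." + body)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) < time.time():
        return None
    # One keyed lookup per request: a token issued before the last
    # version bump is rejected even though its "exp" is still in the future.
    if claims.get("ver") != token_versions.get(claims.get("sub")):
        return None
    return claims

def revoke_all(user: str) -> None:
    """Call on password change, permission change or suspicious activity."""
    token_versions[user] += 1
```

Permissions are best looked up server-side by `sub` in the same request rather than trusted from the token body, so a permission change takes effect without waiting for expiry.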