Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Offline logout
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Igor Wojda
March 26, 2018
Technology
360
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Offline logout
Interesting logout use case.
Igor Wojda
March 26, 2018
More Decks by Igor Wojda
See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
260
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.7k
Modern, maintainable and coRRRect project
igorwojda
0
200
Why do we need Clean Architecture
igorwojda
23
8.9k
Other Decks in Technology
See All in Technology
CIで使うClaude
iwatatomoya
0
250
あなたの『Site』はどこですか? — xREという考え方
miyamu
0
1.2k
知らん間に、回ってる
ming_ayami
0
540
“それは自分の仕事じゃない"を越えて行け
yuukiyo
0
140
CSに"SLO"は要らない、経営層に"99.9%"は伝わらない - SREを全社に"翻訳"する3原則
cscengineer
PRO
1
4.5k
オブザーバビリティ、本当に活用できてる? 〜API連携×生成AIで成熟度を自動評価〜
dmmsre
1
3.1k
Zoom2Youtube.Claude
kawaguti
PRO
3
490
AI時代の開発生産性は、個人技からチーム設計へ
moongift
PRO
2
210
クラウド上のデータ復旧で見落としがちな制約: 医療系 SaaS の BCP 設計から得た教訓
kakehashi
PRO
0
3.4k
GuardrailからGovernanceへ~AIエージェント運用の次の課題~
sbspsy
2
270
実装だけじゃない! CCA-F取得エンジニアが教えるClaude Code開発プロセス活用術
diggymo
2
670
AI Agent SaaS を支える自社仮想化基盤への挑戦と実運用 / ai-agent-saas-virtualization
flatt_security
2
3.8k
Featured
See All Featured
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
2
420
Test your architecture with Archunit
thirion
1
2.3k
Into the Great Unknown - MozCon
thekraken
41
2.6k
Paper Plane (Part 1)
katiecoart
PRO
0
9.6k
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
450
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Producing Creativity
orderedlist
PRO
348
40k
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
220
Raft: Consensus for Rubyists
vanstee
141
7.6k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
240
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.5k
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why this is not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X
No network
Option 2 – delete device token device when online Logout
Request X No network
Logout user latter using the token Remove token instantly Goals
Solution?
Token Logout token Authentication token
Token Press logout Is online? Delete authentication token Logout (hit
logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES
• https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •
https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading
Thanks! ANY QUESTIONS? You can find me at @igorwojda
[email protected]