Offline logout
Igor Wojda
March 26, 2018
Interesting logout use case.
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long ago...
Username & password Login request Other request Other request
Why is this not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X No network
Option 2 – delete device token when online Logout Request X No network
Goals: Remove token instantly. Log out user later using the token.
Solution?
Token Logout token Authentication token
Token
Press logout → Delete authentication token → Is online?
YES → Logout (hit logout endpoint sending logout token)
NO → Schedule logout job → Job scheduler runs logout job → Is online? → YES → Logout
Logout → Invalidate both tokens, Unregister device from receiving notifications
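The two-token flow from the slide above, modelled end to end as an added example (not code from the deck or the author's app). The `Server` and `Client` classes, their method names and the in-memory job list are assumptions standing in for a real backend and a persistent job scheduler.

```python
import secrets

class Server:
    """Constructed stand-in for the backend (hypothetical API)."""
    def __init__(self):
        self.auth = {}     # authentication token -> device id
        self.logout = {}   # logout token -> authentication token
        self.push = set()  # devices registered for notifications

    def login(self, device):
        au, lo = secrets.token_hex(16), secrets.token_hex(16)
        self.auth[au], self.logout[lo] = device, au
        self.push.add(device)
        return au, lo

    def is_valid(self, auth_token):
        return auth_token in self.auth

    def logout_endpoint(self, logout_token):
        # A logout token can only end its session, never authorize a request.
        au = self.logout.pop(logout_token, None)
        if au is None:
            return False   # unknown or already used: no-op
        self.push.discard(self.auth.pop(au, None))
        return True        # both tokens invalid, device unregistered

class Client:
    def __init__(self, server, device):
        self.server, self.device, self.online = server, device, True
        self.auth_token = self.logout_token = None
        self.pending = []  # scheduled logout jobs (persisted on a real device)

    def login(self):
        self.auth_token, self.logout_token = self.server.login(self.device)

    def press_logout(self):
        self.auth_token = None  # removed instantly, online or not
        self.pending.append(self.logout_token)
        self.logout_token = None
        return self.run_logout_jobs()

    def run_logout_jobs(self):
        """Runs on logout and again when the job scheduler sees connectivity."""
        if not self.online:
            return 0            # job stays scheduled
        done = sum(self.server.logout_endpoint(t) for t in self.pending)
        self.pending.clear()
        return done
```

Between an offline logout and the scheduled job, `is_valid` still returns true for any copy of the authentication token, so the token renewal timeout is what bounds that window.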
Materials: Worth reading
• https://android.jlelse.eu/solving-offline-logout-problem-f3b50da49e7e
• https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_Expiration
• https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
Thanks! ANY QUESTIONS? You can find me at @igorwojda