2

I have Node.js as the API server and React as the web app. I only use a JWT token to authenticate users and store the token in browser local storage. How do I force a user to log out?

Feng Liu
  • 954
  • 13
  • 22
  • 1
    Why do you need to force user logout? – Randall May 20 '20 at 05:33
  • 1
    @Randall When you find out the user is hacking your website. – Feng Liu May 20 '20 at 22:03
  • FYI re your recent deleted question: Those are the "full width" characters, for instance 1 is [U+FF11](https://util.unicode.org/UnicodeJsps/character.jsp?a=FF11). It wouldn't be unreasonable to not support those characters and to require standard digits instead. But if you want to support them, you can convert them to standard digits (and then to a number) by subtracting 0xFF10 from their character code to get the numeric value (U+FF10 is 0, so if you take that code point and subtract 0xFF10 from it, you get the number zero) then add 0x30 (48) which is the code point for the character `0` ... – T.J. Crowder Dec 16 '20 at 09:29
  • ...and build a new digit out of that. Then join those digits together and parse them: `const number = parseInt([...digits].map(ch => String.fromCodePoint(ch.codePointAt(0) - 0xFF10 + 0x30)).join(""), 10);` – T.J. Crowder Dec 16 '20 at 09:29

3 Answers

3

You'd better store the token on your server side. Then you can easily revoke or remove a token. The user has to authorize or validate the token each time they use your API. If you use express session, you can just call `req.session.destroy()`.

Edward New
  • 46
  • 6
1

The token can contain an expiration date as part of the payload. This way, every time you make an API call with that token you can check if the date is expired. You can have middleware that performs this check on every request. If the token is expired, you can force them to re-login and assign a new token at that point.

Alboman
  • 325
  • 1
  • 6
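
The two answers above combine into one per-request check: verify the token, reject it if `exp` has passed, and reject it if the server has recorded a forced logout for that user. This is an added example, not code from either answerer; `SECRET`, `revokedBefore`, `sign`, `authenticate`, `forceLogout` and `requireAuth` are hypothetical names, the secret is constructed, and the JWT handling uses only Node's built-in `crypto` module.

```javascript
// Added example, not code from the thread. All names here are hypothetical.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: a real key comes from a secret store
const revokedBefore = new Map(); // user id -> epoch seconds; older tokens are rejected

const b64url = (s) => Buffer.from(s).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Issue an HS256 token; callers set sub, iat and exp (epoch seconds).
function sign(claims) {
  const unsigned = `${b64url('{"alg":"HS256","typ":"JWT"}')}.${b64url(JSON.stringify(claims))}`;
  return `${unsigned}.${mac(unsigned).toString("base64url")}`;
}

// Signature first, then expiry, then the server-side revocation cutoff.
function authenticate(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const expected = mac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (typeof claims?.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  const cutoff = revokedBefore.get(claims.sub);
  // A token without iat, or issued at or before the cutoff, counts as revoked.
  if (cutoff !== undefined && !(claims.iat > cutoff)) return { ok: false, reason: "revoked" };
  return { ok: true, claims };
}

// Force logout: every token this user already holds stops working on its next request.
function forceLogout(userId, now = Math.floor(Date.now() / 1000)) {
  revokedBefore.set(userId, now);
}

// Express-style middleware running the checks on every request.
function requireAuth(req, res, next) {
  const result = authenticate((req.headers.authorization || "").replace(/^Bearer /, ""));
  if (!result.ok) return res.status(401).json({ error: result.reason });
  req.user = result.claims;
  next();
}
```

The in-memory `Map` only covers a single process; with several API instances the cutoff has to live in a store they all read. An entry can be dropped once the longest token lifetime has passed since the cutoff, because every older token has expired by then.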
1

Remove the jwt token and just restart our react web app