[Question] Server side implementation of signOut? #8

Open
aaayushsingh opened this issue Feb 20, 2019 · 2 comments
@aaayushsingh

I checked out the React boilerplate and it appears signout is done by just deleting the token on the client side. What happens if someone steals the token? Or the user wants to invalidate all of their sessions?

@rwieruch
Member

rwieruch commented May 14, 2019

I think you would have to implement a refresh token mechanism here. I didn't want to go too much into detail here, because this application is also used in a tutorial of mine and I didn't want to scare newcomers away from it. But you are right, to avoid a security breach it would be wise to implement a refresh token mechanism.
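
Added example, not part of the thread or of the project's code: a minimal server-side refresh-token store in Node.js where sign-out deletes the session on the server, refresh rotates the token, and replay of an already-rotated token revokes all of that user's sessions. The in-memory `Map`, the function names and the 7-day lifetime are assumptions for illustration, and the replay handling goes beyond what the comment above describes.

```javascript
const { randomBytes, createHash } = require('node:crypto');

const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed lifetime
// Assumed store; a real deployment would use a database table.
const sessions = new Map(); // sha256(refresh token) -> { userId, expiresAt, used }

// Only the hash is stored, so a leaked store does not yield usable tokens.
const hash = (token) => createHash('sha256').update(token).digest('hex');

// Create a server-side session and hand the opaque refresh token to the client once.
function signIn(userId, now = Date.now()) {
  const refreshToken = randomBytes(32).toString('hex');
  sessions.set(hash(refreshToken), { userId, expiresAt: now + REFRESH_TTL_MS, used: false });
  return refreshToken;
}

// "Sign out everywhere": drop every session record of one user.
function signOutEverywhere(userId) {
  let removed = 0;
  for (const [key, s] of sessions) {
    if (s.userId === userId) { sessions.delete(key); removed += 1; }
  }
  return removed;
}

// Sign out one device: the server forgets the session, so a stolen copy of
// the refresh token can no longer be exchanged for access tokens.
function signOut(refreshToken) {
  return sessions.delete(hash(refreshToken));
}

// Exchange a refresh token for a new one (rotation). The caller would mint a
// short-lived access token for the returned userId.
function refresh(refreshToken, now = Date.now()) {
  const key = hash(refreshToken);
  const session = sessions.get(key);
  if (!session) return null;               // unknown or already signed out
  if (session.used) {                      // rotated token presented again
    signOutEverywhere(session.userId);     // treat as theft: revoke everything
    return null;
  }
  if (session.expiresAt <= now) { sessions.delete(key); return null; }
  session.used = true;                     // keep the record to detect replay
  return { userId: session.userId, refreshToken: signIn(session.userId, now) };
}
```

Access tokens already issued stay valid until they expire, so their lifetime bounds how long a signed-out client can still call the API.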
