Problems with setting expiration time using jwt

1. When the user logs in successfully, a token, is issued to set the expiration time, which is assumed to be 2 hours.

2. When the user is more than 30 minutes from the expiration time, the user carries the original token access interface, and the original token, is still valid if the new token is not issued.

3. When the user is less than 30 minutes from the expiration time, but does not expire, and the user carries the original token access interface, the original token of the new token, becomes invalid.

4. When the user"s token has expired, issue a new token directly.

this gives users half an hour of no-operation judgment, which is somewhat similar to the previous session. What I want to ask is, is there any drawback to this?

Jwt

Mar.13,2021

using jwt means that the authorization cannot be revoked, but it can be revoked by expiring in the token; in
point 3, you cannot invalidate the original token because you do not know whether the token has issued a new token, or not if it is stored in a database. (this also violates the jwt design?)
Point 4: expired token, cannot issue a new token, directly, and the new token, must be issued with the correct authorization. (this may be your clerical error to express the intention of re-authorization.)

session server, jwt token client, jwt cannot actively revoke authorization.
to say the drawback, is the third point of multi-authorization token problem? It doesn't seem to be a big problem.

each user has his own secret key. If you log out, modify the key once. Is that all right?

Previous: Input will automatically store the previously entered data, how to clear it?

Next: The problem with HTTPS and HTTP

How to implement laravel jwt middleware: first determine whether the toekn has expired, if so, and then refresh it?
existing middleware: jwt.auth , jwt.check , jwt.refresh , jwt.renew either authenticate toekn (jwt.auth) directly or refresh toekn (jwt.refresh) directly so how to determine whether the toekn has expired, and if so, then refresh it? ...

Jwt laravel

Mar.03,2021
How to prevent csrf from jwt
I recently read the use of jwt, and I also used jwt as single sign-on authentication in the small project I wrote, and the back end is nodejs. I ve thought of the principles of csrf,csrf and jwt, and I know pretty much about it, but my question is, can...

Jwt token backend frontend node.js

Mar.03,2021
JWT operation table and Shiro operation table are inconsistent, how to cascade operation
recently, we are working on a Spring Boot-based integrated rights management and authentication system for JWT and Shiro, but the data on the Internet is basically based on the operation of one table (the user table contains user information and their r...

Shiro jwt spring java

Mar.11,2021
Problems with laravel5.5 using jwt
I have referred to the official document http: jwt-auth.readthedocs.i. for configuration and returned as a result. { "token":"bearer 1" } I really don t know why token returned to true., to ask for answers ...

Jwt laravel

Mar.12,2021
What are the advantages and disadvantages of writing to url or body parameters and writing to header when using jwt,token?
our interface uses jwt for authentication, and the frontend needs to carry token when accessing it. There are many places where token can be written, one is that path is written to the url parameter, and the other is that you can set header. Want to know...

Header token jwt

Mar.13,2021
On the Security of token and session generated by jwt
now the project I am working on is separated from the front and rear ends, mainly the development of the api interface. The login logic is like this. first, the user logs in with the account password. If it is correct, the user will automatically genera...

Jwt session token restful java

Mar.13,2021
What's the point of the refreshToken interface?
We all know that pure jwt is stateless on the server, and only one jwt_secret on the server is responsible for pure mathematical verification. There is no need to access the database (whether it is a redis database or a sql database. As for those soluti...

Jwt webserver

Mar.20,2021
The problem of shiro Custom filter intercepting restful style
premise now do a separate front and rear application, use shiro as permission control in the background, use jwt instead of session s stateless web application, customize a shiro filter.url with restful style. All interfaces url begin with api...

Jwt restful shiro spring-mvc

Mar.22,2021
How to realize user logout by flask_jwt
problem description the following code that the flask_jwt encapsulated login, used to log in to get the current user information, but do not know how to log out the user the environmental background of the problems and what methods you have tried ...

Jwt python flask

Mar.30,2021
How does Django rest-framework-jwt rewrite the error message returned?
I used django rest-framework-JWT directly to log in. I want to customize the error message returned and be able to directly indicate whether the user name or password is wrong. where can I change it? ...

Jwt django

Apr.03,2021
How to refresh token after Spring Security uses jwt to generate token
problem description after SpringSecurity is authenticated by user name and password, it returns that the validity period of JWT s token,token is set to 15min, but how do I refresh token, if token does not refresh, then 15min will expire later the e...

Jwt springsecurity

Jun.06,2021
About the expiration time of php-jwt
jwt load information contains an exp, description document that says this is the expiration time of jwt, but I set exp but has no effect. Do I have to write another code to get this exp value to set the expiration time? and how to get the content in the...

Token jwt php

Jun.19,2021
Why does JWT set 2 token??
it is found that when many people on the Internet use JWT, they will set 2 token:access_token and refresh_token,access_token to expire in 2 hours, and refresh_token to expire in 7 days. If the access_token expires, the refresh_token will not expire and ...

Token jwt

Jun.22,2021
The expiration time in jwt keeps the program from reporting errors.
I used until s promisify to change the verify in jwt into Synchronize s. When I called this function and passed in an expired token, he reported an error and the program stopped going! const util = require( util ); const verify = util.promisify(jwt...

Node.js koa2 jwt

Jul.07,2021
Is Laravel Passport's Personal Access Token a kind of JWT?
what is the difference between personal access token and json web token for user Authentication? A personal access token is just a JWT created for user authentication with your own frontend to offer your users a dashboard for managing personal acces...

Jwt oauth laravel php

Aug.10,2021
Vue uses axios to call API problem
the front-end vue calls the java API through axios, using springboot+jwt, to request with post. When there is a token, request in the headers, it will become options, and report 401. I looked for it on the Internet and said that it was a pre-check reque...

Springboot jwt axios java vue.js

Aug.24,2021
The problem of realizing JWT Refresh by integrating Shiro with SpringBoot
SpringBoot integrates Shiro to realize JWT refresh. In which class should refresh token be implemented and how to return a new token (how to get a new token in Controller) to the user when the request is returned? currently my code is like this: do JW...

Springboot shiro jwt

Sep.16,2021
Why does $response- > headers- > set in Laravel have no effect?
ready to develop Mini Program, first test the background API, project to develop using Laravl+jwt+dingo. JWT wants to find such a middleware on the Internet during painless refresh token, testing public function handle($request, Closure $next) ...

Api jwt laravel php

Oct.19,2021
Is the point of the article "seriously, stop using JWT" correct?
" seriously, stop using JWT " is the point of this article correct? ...

Jwt

Nov.24,2021
Jwt is saved in localstorage, how to set http only?
jwt is saved in localstorage. How to set http only? ...

Golang jwt

Jan.28,2022