Question from a user:
Regarding logout: As long as no logout is selected on the PC, the front end can be restarted even days later without a login being requested again.
I would like to prevent this and determine from the server when a user has to register again. For example: If user A simply closes the browser without selecting logout, user B can continue userA's session without logging in. I'm looking for a way to determine from the server that a user has to log in again. For example, all tokens should expire at 3:00 a.m. and force users to log in again.
You can set an expiry time in your token. This way you can check for every request is the token is still valid. You can put extra information in your token, ex. User rights.
If the token isn’t valid anymore you can return an error to BOA. This will start the login screen.
oJon:error := “Token is expired” will give the user the login screen.
I’m using Chilkat active-x components to create a JWT (json web token), but you can create it as you wish.
This is some code to create the token.
oJwt := CreateObject("Chilkat_9_5_0.Jwt")
oJose := CreateObject("Chilkat_9_5_0.JsonObject")
oClaims := CreateObject("Chilkat_9_5_0.JsonObject")
// ' Set the timestamp of when the JWT was created to now.
nCurDateTime := oJwt:GenNumericDate(0)
//Set the "not process before" timestamp to now.
// Set the timestamp defining an expiration time (end time) for the token
// to be now + 2 hour (7200 seconds)
oClaims:AddIntAt(-1,"exp",nCurDateTime + (3600*12) ) // 12 hours valid
// Produce the smallest possible JWT:
oJwt:AutoCompact = 1
cJwt := ojwtEmit(),cPassword)
I hope this gives you an answer to your question.