I tried to implement JWT (JSON Web Token) in Node Express with MongoDB. When generating the token, I store the token value in a database collection, retrieve the token from MongoDB, and pass it to the next pages. I also set a logout option: when I trigger the logout, the token field in the database gets flushed and no more actions are performed after this. But the problem is that this is not possible when more than one user is logged in to the application, because when I click logout it clears all the tokens. How can I solve this correctly?
- How do you save the token? Extra collection? Or attached to the user collection? – CFrei, commented May 9, 2016 at 9:47
- Used an extra collection named authentication. – LearnCode Master, commented May 9, 2016 at 9:47
- Storing JWTs in a database seems to defeat their purpose somewhat. It sounds to me like you're using them as session tokens. – robertklep, commented May 9, 2016 at 9:48
- Don't store them in the db, store them locally (cookies / HTML5 web storage) - stormpath.com/blog/… – Alex, commented May 9, 2016 at 9:49
- When it is stored locally, there is no option to log out in a single click. That is why I store it in the database. – LearnCode Master, commented May 9, 2016 at 9:51
2 Answers
You can store it in the cookies/session. And when logging out, you can delete those values. Should do the trick.

Comment: This trick would work fine if you are not developing an app for mobile phones. The user should be able to log out from all devices once he clicks the logout button, just like Facebook asks before logging out. Every user would have his own user_id and his own token (you can set the expiry time as you want), so when flushing, take the user_id and flush that particular token.
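
An added example (not code from the question or the answers) of the per-user flush described above: each login gets its own record keyed by a token id, so logout deletes one record and "log out from all devices" deletes only that user's records. The in-memory `Map`, the `jti` claim, the secret and the function names are assumptions for illustration, and the hand-rolled HS256 signing stands in for a JWT library so the block runs offline.

```javascript
const { createHmac, randomUUID, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: a real app loads this from config
// Stand-in for the `authentication` collection: one record per issued token (jti -> userId).
const sessions = new Map();

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue an HS256 JWT and record its id (jti) against the owning user.
function login(userId, ttlSeconds = 3600) {
  const jti = randomUUID();
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ sub: userId, jti, exp })}`;
  sessions.set(jti, userId);
  return `${body}.${sign(body)}`;
}

// Return the claims if the token is authentic, unexpired and not logged out; otherwise null.
function verify(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (claims.exp <= Math.floor(Date.now() / 1000)) return null;
  return sessions.get(claims.jti) === claims.sub ? claims : null;
}

// Log out one device: delete only the record for this token.
// With MongoDB this is a delete filtered by the token id, not a delete of every document.
function logout(token) {
  const claims = verify(token);
  return claims ? sessions.delete(claims.jti) : false;
}

// Log out everywhere: delete every record owned by this user, and nobody else's.
function logoutAll(userId) {
  let removed = 0;
  for (const [jti, owner] of sessions) {
    if (owner === userId) { sessions.delete(jti); removed++; }
  }
  return removed;
}
```

The token's own `exp` bounds how long a stale record matters; expired records can be purged from the store on a schedule.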