This repository has been archived by the owner on May 26, 2020. It is now read-only.
I am using django-rest-framework-jwt in my backend and calling APIs from an Angular project.
When a user tries to log in on multiple browsers, each time a new token is generated for the user on the new browser. And every token is valid.
What I want is that when a user is already logged in in one browser and he/she tries to log in on a second, different browser, the previous token for the first browser should be invalidated.
The main benefit of JWT is that it is stateless. In other words, this means that the backend does not know anything about the user outside of a typical request/response flow. By storing any information regarding a user on the backend, you essentially break the stateless concept. This is not necessarily bad, but as with everything, it has its pros and cons.
Typically you can store these JWTs on the backend (e.g. in a database table) or create backend sessions to have real-time monitoring.
But if you really want to do such a thing, I would suggest dropping the JWT tokens, because they seem like a layer that you do not actually want.
You might be able to use the JWT_GET_USER_SECRET_KEY setting to create a custom function to generate the secret key for the user based on some changing piece of login data stored on the user.
I use a function for this setting to invalidate all old tokens if the user changes their username or password, but you may be able to store and use something like current login IP address, or current login time. You would have to update the user with that data before creating the token, but it would then invalidate all but the login token created with that new secret key.
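The per-user secret approach from the last comment, as an added example (not code from the thread or from django-rest-framework-jwt): a standard-library HS256 signer stands in for the library, `get_user_secret_key` plays the role of the function named by `JWT_GET_USER_SECRET_KEY`, and `USER_SECRETS`, `login`, `verify` and `demo` are hypothetical names. Expiry claims are left out to keep the focus on key rotation.

```python
import base64, hashlib, hmac, json, secrets

# Constructed in-memory stand-in for a per-user column on the user table.
USER_SECRETS = {}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def get_user_secret_key(username):
    """Role of the JWT_GET_USER_SECRET_KEY callable: user -> signing key."""
    return USER_SECRETS[username]

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def login(username):
    """Rotate the user's secret first, then issue a token signed with it."""
    USER_SECRETS[username] = secrets.token_bytes(32)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"username": username}).encode())
    sig = _sign(get_user_secret_key(username), f"{header}.{payload}")
    return f"{header}.{payload}.{_b64(sig)}"

def verify(token):
    """Return the username if the token matches the user's current secret."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        # The unverified username only selects which key to check against.
        username = json.loads(_unb64(payload))["username"]
        expected = _sign(get_user_secret_key(username), f"{header}.{payload}")
        return username if hmac.compare_digest(expected, _unb64(sig)) else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def demo():
    first = login("alice")        # browser A logs in
    before = verify(first)        # valid while A is the latest login
    second = login("alice")       # browser B logs in and rotates the secret
    return before, verify(first), verify(second)
```

Every request now needs a user lookup to fetch the secret, which is the stateful trade-off the first reply describes.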