Closed lkgGitHub closed 1 year ago
Have you found a solution?
Can anyone answer please?
There are a couple of limitations that I can see with JWTs by default:
You would need some sort of storage (redis, database, memory) to track sessions and revoked / logged out tokens until they time out.
I think the way to get instant logout with the example is by storing the JWT in a cookie. But the token will still be valid if used in another way (header, query, or manually set cookie) until it times out.
From docs:
PROVIDED: LogoutHandler
This is a provided function to be called on any logout endpoint, which will clear any cookies if SendCookie is set, and then call LogoutResponse.
The handler itself:
```go
func (mw *GinJWTMiddleware) LogoutHandler(c *gin.Context) {
	// delete auth cookie
	if mw.SendCookie {
		// ... Set cookie
	}
	mw.LogoutResponse(c, http.StatusOK)
}
```
Docs for setting the JWT in a cookie. https://github.com/appleboy/gin-jwt#cookie-token
If `SendCookie` is not true then the JWT cookie will not be set.
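The revocation storage described in the comment above, sketched as an added example that is not part of this thread or of gin-jwt: an in-memory denylist that a logout endpoint writes to and the auth check reads on every request, so a logged-out token is rejected whether it arrives by cookie, header or query. The names `Denylist`, `Revoke`, `IsRevoked` and `Purge` are hypothetical, and the caller is assumed to pass the token's own expiry.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

// Denylist (hypothetical name) remembers logged-out tokens until they expire.
// Keys are SHA-256 digests of the raw token; values are the token's exp claim.
type Denylist struct{ revoked sync.Map }

// Revoke records a token at logout; exp is the token's own expiry.
func (d *Denylist) Revoke(rawToken string, exp time.Time) {
	d.revoked.Store(sha256.Sum256([]byte(rawToken)), exp)
}

// IsRevoked must run on every request, however the token was sent.
func (d *Denylist) IsRevoked(rawToken string) bool {
	_, ok := d.revoked.Load(sha256.Sum256([]byte(rawToken)))
	return ok
}

// Purge drops entries whose token has expired and returns how many it removed.
// Expired tokens fail normal exp validation, so they no longer need tracking.
func (d *Denylist) Purge(now time.Time) (n int) {
	d.revoked.Range(func(k, v any) bool {
		if !now.Before(v.(time.Time)) {
			d.revoked.Delete(k)
			n++
		}
		return true
	})
	return n
}

func main() {
	d := &Denylist{}
	exp := time.Now().Add(time.Hour) // constructed expiry for a constructed token
	d.Revoke("constructed.sample.token", exp)
	fmt.Println(d.IsRevoked("constructed.sample.token"), d.Purge(exp))
}
```

With more than one server instance the same logic needs shared storage such as the redis or database options mentioned above, since an in-memory map is only visible to the process that handled the logout.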
I added logout in the sample code. When I log out, I can still access the Hello interface. What I expect is that I can't access the interface after I log out.
env: go version: go1.18 os: mac 10.15.7
code