search

bootsrc / jpassport

token登录模块, SpringBoot2. App的用户登陆后台
http://appjishu.com
Apache License 2.0
112 stars 28 forks source link

Token Expire Time Management #1

Open yxdy1990 opened 5 years ago

yxdy1990 commented 5 years ago

Do you have any idea for the managment of token expire?

bootsrc commented 5 years ago

Do you have any idea for the managment of token expire? Reply This is a good question! I want to add expireTome (expireDelta = Delta) to the project, but I don't have time to do it yet. This is my solution.

Persist expireDelta = Delta (expire interval value) to the database. And write it in redis at the same time. When the user invokes the web API, if the permission authentication passes, set updated 'endTime' to redis( Now endTime = oldEndTime + Delta )

If the user is calling the web API frequently and at intervals < Delta., it can access the API normally all the time without being blocked to the login window. If curentTime < endTime, let the request go ahead.

Just like QQ login. If you log in every day, you can log in automatically. If you don't log in for 2 months, you need to re-enter your password to log in.

Thank you for your support!

yxdy1990 commented 5 years ago

Quick response ! Got it. But I think that It's better to have one API to do the "refresh" action. Instead of updating endTime in every API request. This is my humble opinion.

Thanks !

bootsrc commented 5 years ago

Yes, this is one option