jadjoubran / laravel5-angular-material-starter

Get started with Laravel 5.3 and AngularJS (material)
https://laravel-angular.readme.io/
MIT License

Access token security #415

Closed youfacepalm closed 7 years ago

youfacepalm commented 7 years ago

Hi, this is kind of a support and feature request.

I have just started to learn the JWT authentication mechanism with Laravel. During my research I found this article in which the author claims that storing the JWT token in a cookie with the httponly flag set is more secure than storing it in local storage. Currently L5AMS is storing the token in local storage. Is it possible to provide a feature that enables us to choose where to store tokens during the initial setup?

Another question I have is regarding invalidating access tokens. Let's say a user has logged in to my web app on multiple devices and then successfully completes a password reset request on one of the devices. How do I invalidate or log out the user from all devices that he has logged in on, since the tokens given to those devices were obtained with an old or potentially breached password?

Thank you for your time and the amazing work! I am using L5AMS v3.3
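The second question above (revoking every token issued before a password reset) has a standard server-side answer: record the time of the last password change per user and reject any JWT whose `iat` claim predates it. The following is an added, self-contained illustration of that check, not code from L5AMS or from Laravel; it hand-rolls HS256 signing with the Python standard library so it runs offline, and the secret, user id and timestamps are constructed demo values. In a Laravel app the same logic would sit in the JWT-checking middleware, with `password_changed_at` stored as a column on the users table (an assumed column name).

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret-do-not-use"  # placeholder, not a real key

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id: str, issued_at: int, ttl: int = 3600) -> str:
    """Mint an HS256 JWT carrying sub/iat/exp (demo only, no library)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "iat": issued_at, "exp": issued_at + ttl}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)

def verify_token(token: str, password_changed_at: int, now: int):
    """Return the payload if the token is valid, else None.

    password_changed_at is the unix time of the user's last password change;
    any token issued (iat) before it was obtained with the old password and
    is refused, which logs the user out of every device at once.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
        presented_sig = _b64url_decode(parts[2])
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":          # never trust the alg from the token
        return None
    expected_sig = hmac.new(SECRET, (parts[0] + "." + parts[1]).encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, presented_sig):
        return None
    if not isinstance(payload.get("iat"), int) or payload.get("exp", 0) <= now:
        return None
    if payload["iat"] < password_changed_at:  # issued before the reset: revoked
        return None
    return payload
```

Bumping `password_changed_at` on reset (or on an explicit "log out everywhere" action) is enough; no per-token blacklist is needed, and the check costs one column read per request.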

nueko commented 7 years ago

Also, throttle login should be added.