Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
4.6k views
in Technique[技术] by (71.8m points)

session - Best practice for handling automatic logout redirect with JavaScript

We have a requirement to automatically logout / redirect users to the login page after X idle time. This will most likely be implemented with some type of JavaScript method that would require minimal but some knowledge of the session details. The application authenticates via an IDaaS provider that returns a JWT. We could stuff just part of the JWT such as the expiration into a cookie but we're required to use httpOnly which isn't available to JavaScript.

My thought is to create a second cookie with simply the automatic logout time / expiration. It would be independent of the actual server-side session management and really just to handle the redirect. In our security audit I'm sure we'll still be dinged for a non-httpOnly cookie though. My other thought is to create a JS timer to handle the redirect (again, unrelated to actually invalidating the JWT). So what is the best practice to handle the automatic logout / redirect?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...