At what point is it appropriate for me to delete the token?

Seeking Answers: Token Dilemmas

  1. Is it best to create the token upon user login and registration, or just on login?
  2. Should the token be saved in local storage?
  3. Do I need to send the token after every user request?
  4. Should the token only be destroyed after logout?
  5. When a user registers, should I save their initial token in local storage and then replace it when they log in with a new one? Should the old token be destroyed and replaced?
  6. Lastly, how can I use the token to allow users to log in immediately after registering?

Apologies for burdening you with these questions, but they are crucial in my authentication endeavors.

Answer №1

1- Access granted upon login

2- Avoid storing sensitive information in localStorage, opt for an HttpOnly cookie instead

3- Verification of token validity is essential

4- Consider the necessity of retaining user transaction history when deciding whether to store tokens

5- Redirect users with valid tokens directly to the app page to prevent repeated logins; old tokens should not be automatically removed to accommodate multi-device usage

6- Issue and save tokens on the front end before redirecting users to the application, bypassing the login process.

Addressing the main query, when should tokens be deleted?

1- Tokens should be deleted on logout

2- Periodic checks can be implemented to detect and remove expired tokens

3- Expired tokens received through any web service should trigger immediate deletion and user redirection to the login page
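
The token lifecycle Answer №1 describes (issue at login, HttpOnly cookie rather than localStorage, delete on logout, reject and sweep expired tokens), as an added example that is not part of the original answers. The in-memory store, the cookie name `session`, the 30-minute lifetime and all function names are assumptions.

```javascript
// Added example: in-memory token store; names, TTL and cookie name are assumptions.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback for older Node

const TTL_MS = 30 * 60 * 1000;          // assumed 30-minute lifetime
const COOKIE = 'session';               // hypothetical cookie name
const tokens = new Map();               // token -> { userId, expiresAt }

// Issue a fresh random token at login; each device gets its own entry.
function issueToken(userId, now = Date.now()) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const token = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
  tokens.set(token, { userId, expiresAt: now + TTL_MS });
  return token;
}

// HttpOnly keeps the token away from page scripts, unlike localStorage.
function setCookieHeader(token) {
  return `${COOKIE}=${token}; Max-Age=${TTL_MS / 1000}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

function clearCookieHeader() {
  return `${COOKIE}=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Checked on every request: unknown or expired tokens are deleted and the
// caller is told to clear the cookie and redirect to the login page.
function authenticate(token, now = Date.now()) {
  const entry = tokens.get(token);
  if (entry && entry.expiresAt > now) return { ok: true, userId: entry.userId };
  tokens.delete(token);
  return { ok: false, setCookie: clearCookieHeader(), redirect: '/login' };
}

// Logout deletes only the presented token; other devices stay signed in.
function logout(token) {
  tokens.delete(token);
  return clearCookieHeader();
}

// Periodic sweep (e.g. from setInterval) for tokens that expired unused.
function purgeExpired(now = Date.now()) {
  let removed = 0;
  for (const [token, entry] of tokens) {
    if (entry.expiresAt <= now) { tokens.delete(token); removed++; }
  }
  return removed;
}
```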

Answer №2

This is a crucial topic that deserves some thorough research, but here are some brief answers to get you started:

  1. Primarily focused on the login process, although incorporating a registration confirmation link may be beneficial depending on the system's workflow. Ultimately, ensuring users can log in after registering is essential.
  2. No, storing sensitive information like authentication tokens in permanent storage is not safe. Keeping them in memory (e.g., in a secure store) is more secure.
  3. Absolutely, you have the option to include the authentication token in the header for each request made.
  4. When it comes to logging out, consider setting an expiration date for added security measures based on your desired level of safety precautions.
