rawwar commented on issue #47952: URL: https://github.com/apache/airflow/issues/47952#issuecomment-2819660896
@pierrejeambrun , I was looking into this. One idea is, whenever user logs out, we add their tokens to a temporary blacklist. This blacklist keeps cleaning up tokens which are expired. However, I can't just maintain these blacklisted tokens in memory as webserver can restart. Just a restart can re-allow these blacklisted tokens. So, this needs to be persisted. Also, if multiple replicas of the web server are running, this needs to be shared among them. Only way I can store this such that multiple webserver's can consistently get correct blacklisted tokens is to store them in metadata DB. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
