On Saturday, January 20, 2018 at 4:59:06 AM UTC+13, Tim Harsch wrote:

>
> ... we need to configure our app to have a persistent store of invalidated 
> tokens to ensure they can't be re-used after logout.
>

Surely it’s the other way round, the usual practice being to maintain a 
store of *valid* tokens, with a finite lifetime attached to each (perhaps 
reset when they get presented again). The tokens get deleted either on 
explicit logout or implicitly on lifetime expiry. Anything that isn’t 
currently recognized from the store entries is invalid.

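The valid-token store described in the reply above, as an added example (not part of the original message and not Jupyter code). The class name, the 30-minute default lifetime, the in-memory dict standing in for a persistent store, and keeping SHA-256 digests rather than raw tokens are all assumptions made for illustration.

```python
import hashlib
import secrets
import time


class ValidTokenStore:
    """Allow-list of live tokens; anything not found in it is invalid."""

    def __init__(self, lifetime=1800.0, sliding=True, clock=time.monotonic):
        self.lifetime = lifetime    # seconds a token stays valid
        self.sliding = sliding      # reset the lifetime when a token is presented
        self.clock = clock          # injectable so expiry can be exercised in tests
        self._expiry = {}           # sha256(token) -> expiry time (hypothetical backend)

    @staticmethod
    def _key(token):
        # Keep only a digest, so a dump of the store yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self):
        token = secrets.token_urlsafe(32)
        self._expiry[self._key(token)] = self.clock() + self.lifetime
        return token

    def validate(self, token):
        key = self._key(token)
        expires = self._expiry.get(key)
        if expires is None:
            return False            # never issued, logged out, or already purged
        now = self.clock()
        if now >= expires:
            del self._expiry[key]   # implicit deletion on lifetime expiry
            return False
        if self.sliding:
            self._expiry[key] = now + self.lifetime
        return True

    def logout(self, token):
        # Explicit deletion; the token is simply unknown from here on.
        return self._expiry.pop(self._key(token), None) is not None

    def purge_expired(self):
        # Periodic sweep for tokens that expired without being presented again.
        now = self.clock()
        dead = [k for k, exp in self._expiry.items() if now >= exp]
        for k in dead:
            del self._expiry[k]
        return len(dead)
```

Because expired and logged-out entries are deleted, the store only ever holds live sessions, whereas a store of invalidated tokens has to retain every entry for as long as the token could otherwise be accepted.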