Handling expired token in Laravel

后端 未结 13 2622
情话喂你
情话喂你 2020-11-29 00:30

What is the best way to handle expired tokens in laravel 5.

I mean I have a page and it has some links which perform ajax requests. They work fine when the page is

相关标签:
13条回答
  • 2020-11-29 01:30

    Circum-navigating the token is generally accepted as a terrible approach but there are problems with using js timers mentioned above too. js seetTimeout/setInterval is unreliable when the browser tab is either not it focus, minimised or in the case of many users, thier laptop/device is sleeping/closed etc.

    A better route might be to use a js timer to recalculate the 'time to die' from a datestamp set in a cookie (or meta tag for fussy GDPR no-cookie users). this datestamp will be the realworld (timezoned) time the session will die and is updated every page refresh. This way, it doesn't matter what the browser/device was doing/not doing whilst you were away AND it'll still be acurate for those with 'keep me signed in' etc.

    The next problem is what to do instead of auto resfreshing the token - present the user with a 're-login in' form (modal/popup) that ajaxes the new token to the page as mentioned above.

    0 讨论(0)
提交回复
热议问题