PHP
Roman Gor, 2015-11-12 05:13:33

How to overcome RESTful invalidation?

Subject.
After login, the client has a token through which it calls the API. User data is stored on the client for some time.
Problem: what to do if the server has changed the data about the client (user_name, for example) and the client has no idea about it yet?
I thought of something like this.
Create an intermediate table in which to store "reset tokens", kept for no more than a certain time. After the profile is changed, move the main ("active") token to this intermediate table.
Then, on a new request, the server will not find an "active" token, so it should also look in the intermediate table; if the token is there, send the new info to the client along with a pre-generated token. If the token is not in the intermediate table either, or the storage period of the intermediate token has expired, send the user to log in again.
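
The scheme described in the question, as an added example that is not part of the original post: in-memory arrays stand in for the "active" and intermediate tables, and the class, method and field names are hypothetical. It assumes PHP 8, a 300-second storage period, and that an intermediate row is deleted the first time it is presented, so a retired token can be exchanged only once.

```php
<?php
// Added illustration; class, method and field names are hypothetical.
final class TokenStore
{
    private array $active = [];   // "active" table: token => user id
    private array $retired = [];  // intermediate table: old token => row
    private array $profiles = []; // user id => profile data
    public function __construct(private int $graceSeconds = 300) {}

    public function login(int $userId, array $profile): string
    {
        $this->profiles[$userId] = $profile;
        $token = bin2hex(random_bytes(32));
        $this->active[$token] = $userId;
        return $token;
    }
    // Profile changed on the server: move the user's active tokens to the
    // intermediate table, each with a pre-generated replacement and an expiry.
    public function changeProfile(int $userId, array $profile, int $now): void
    {
        $this->profiles[$userId] = $profile;
        foreach (array_keys($this->active, $userId, true) as $old) {
            unset($this->active[$old]);
            $this->retired[$old] = ['user' => $userId,
                'next' => bin2hex(random_bytes(32)),
                'expires' => $now + $this->graceSeconds];
        }
    }
    // Returns [HTTP status, response body] for a request carrying $token.
    public function authenticate(string $token, int $now): array
    {
        if (isset($this->active[$token])) {
            return [200, ['user' => $this->active[$token]]];
        }
        $row = $this->retired[$token] ?? null;
        unset($this->retired[$token]); // one exchange only; drops expired rows too
        if ($row === null || $row['expires'] < $now) {
            return [401, ['error' => 'relogin']];
        }
        $this->active[$row['next']] = $row['user']; // replacement goes live now
        return [200, ['user' => $row['user'], 'token' => $row['next'],
            'profile' => $this->profiles[$row['user']]]];
    }
}
// Constructed sample run: user 7 is renamed while the client holds $old.
$store = new TokenStore();
$old = $store->login(7, ['user_name' => 'roman']);
$store->changeProfile(7, ['user_name' => 'roman_g'], 1000);
var_dump($store->authenticate($old, 1010)[0], $store->authenticate($old, 1020)[0]);
```

In the sample run the first request with the old token is answered with the fresh profile and the replacement token, and the second request with the same old token is sent to relogin.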

1 answer(s)
Andrew, 2015-11-12
@R0dger

Problem: what to do if the server has changed the data about the client (user_name for example), and the client has no idea about it yet?
How is that? If you did not request a change, did the server itself want to change it, or what?
