
I have a website where a user is logged in on multiple browsers, like Firefox and Chrome. I want to implement functionality so that when the user changes the password in Firefox, they are logged out in Chrome too. How can I achieve this in JavaScript?

Can we implement this with local storage or session?

2 Answers


  1. Local and session storage are not shared between different browsers, so you need more than just the storage.

    There are a couple of ways you can implement this feature; it depends on how your application is set up.

    The easiest way is to tell the client when a password was changed, for example via a web socket connection. If a password was changed, you can then unset all the JWT tokens on the client.

    You can also keep a reference to the tokens on the server, and validate if the token is still valid (for example with a unique ID in the payload of the JWT). If that is not the case, you return an error to the client, and unset the JWT token based on that error.

    A pure "client-side" JavaScript solution is not possible in this case.

  2. I implemented this some days ago (with an Angular client and PHP server).

    Since I can’t use a server-sent message that invalidates the localStorage, I adopted a refresh token with a short-lived access token. The refresh token is used to get a new access token every N minutes; it is saved in the server DB and deleted when the user changes the password.
    In this way all sessions will auto-close in N minutes.

    You can implement a simpler solution using polling: the server has to provide a "ping" API that checks the token; the client calls this API and manages a "KO" response.

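The refresh-token approach from the second answer (itself a form of the server-side token reference the first answer mentions), sketched as an added example that is not code from either answer. Assumptions: a `Map` stands in for the server DB, a hand-rolled HMAC-signed token stands in for a JWT library, N is set to 5 minutes, and all function names are hypothetical.

```javascript
// Added example: in-memory stand-in for the server side (Node.js, built-in crypto only).
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32);   // HMAC key for access tokens (constructed)
const ACCESS_TTL_MS = 5 * 60 * 1000;     // the "N minutes" of the answer, assumed to be 5
const refreshTokens = new Map();         // sha256(refresh token) -> userId, stands in for the DB

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sign = (data) => crypto.createHmac("sha256", SECRET).update(data).digest("base64url");
const hash = (t) => crypto.createHash("sha256").update(t).digest("hex");

function issueAccessToken(userId, now = Date.now()) {
  const body = b64({ sub: userId, exp: now + ACCESS_TTL_MS });
  return `${body}.${sign(body)}`;
}

// Returns the claims, or null if the signature is wrong or the token has expired.
function verifyAccessToken(token, now = Date.now()) {
  const [body, sig] = String(token).split(".");
  if (!body || !sig) return null;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp > now ? claims : null;
}

// One refresh token per browser; only its hash is stored server-side.
function login(userId, now = Date.now()) {
  const refreshToken = crypto.randomBytes(32).toString("base64url");
  refreshTokens.set(hash(refreshToken), userId);
  return { refreshToken, accessToken: issueAccessToken(userId, now) };
}

// Called by the client every N minutes; null means "log out".
function refresh(refreshToken, now = Date.now()) {
  const userId = refreshTokens.get(hash(refreshToken));
  return userId ? issueAccessToken(userId, now) : null;
}

// Password change: delete every refresh token of that user, in all browsers.
function changePassword(userId) {
  for (const [h, owner] of refreshTokens) {
    if (owner === userId) refreshTokens.delete(h);
  }
}
```

An access token issued before the password change still verifies until its `exp`, so N bounds how long the other browser stays logged in.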