Idea

Bryan Wagstaff suggested

API Logout call for security

There are several existing feature requests and forum posts, but it still needs correction.

It is not enough to have security authentication tokens expire after 24 hours. The current recommendation seems to be to drop them and hope they aren't accidentally reused, or worse, maliciously replayed or stolen. The fact that we cannot expressly invalidate them remains an enormous security flaw.

There needs to be a logout function to explicitly declare "this session is over" and invalidate the token.

apis, Authentication

No Comments
