Meteor.accounts and loginTokens


Jan Hendrik Mangold

Jul 7, 2013, 3:45:51 PM
to meteo...@googlegroups.com
I am using the Accounts package that is being shipped with Meteor and everything works out of the box.

Of course I can't help but look at what is being stored on the server, and I can see the db.users services.resume.loginTokens growing. There does not seem to be any sort of garbage collection, like which tokens should be removed from mongodb? I have accounts with 16 or 30 loginTokens.

Does anybody know if this is supposed to be?

Jan

Warsame Bashir

Jul 7, 2013, 4:02:37 PM
to meteo...@googlegroups.com

Jan Hendrik Mangold

Jul 7, 2013, 7:49:23 PM
to meteo...@googlegroups.com
I installed event-hooks from atmosphere and added the following hook on the server side (console.log gratuitous)

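// Server-side logout hook provided by the event-hooks package.
// This clears every resume token stored for the user, not only the token
// of the session that logged out.
Hooks.onLoggedOut = function (userId) {
  var u = Meteor.users.findOne({_id: userId});
  // Guard against users that have no resume service recorded.
  if (u && u.services && u.services.resume) {
    var tokens = u.services.resume.loginTokens || [];
    console.log('Logged out user ' + userId + '. Number of login tokens: ' + tokens.length);
    Meteor.users.update({_id: userId}, {$set: {"services.resume.loginTokens": []}});
  }
};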

Is this going to create a problem?

Warsame Bashir

Jul 7, 2013, 9:42:13 PM
to meteo...@googlegroups.com
This is an easier option. +1, I hope one of these Meteor engineers can answer on this.



Arunoda Susiripala

Jul 7, 2013, 10:42:56 PM
to meteo...@googlegroups.com
Hi Jan,

AFAIK, this exists and has no official solution yet.
Removing loginTokens at logout can have some bad effects since it will remove all the tokens.
Some users may be logged in using several browsers and so have several tokens. Deleting all loginTokens on logout will log him out of every browser.

This may be a feature or a bug depending on your app.

Another way to deal with this is to use a cron job to remove older tokens. Each token contains a timestamp value.

There is another way we can deal with this, but it is complex: using a loginHandler.

Hope this helps you out. 
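
The age-based cleanup suggested in the post above, as an added example that is not part of the original thread or Meteor's own code. It assumes each loginTokens entry has the shape { token, when } with `when` in milliseconds since the epoch; the 90-day retention period, the function names and the sample document are hypothetical.

```javascript
// Added example: age-based cleanup of resume tokens (not Meteor's own code).
// Assumption: each entry in services.resume.loginTokens is
// { token: <string>, when: <milliseconds since epoch> }.
const DAY_MS = 24 * 60 * 60 * 1000;
const MAX_AGE_MS = 90 * DAY_MS; // hypothetical retention period

// Modifier for a periodic server job, e.g.
//   Meteor.users.update({}, expireModifier(Date.now()), {multi: true});
// $pull removes only array entries whose `when` is older than the cutoff.
function expireModifier(now, maxAgeMs = MAX_AGE_MS) {
  const cutoff = now - maxAgeMs;
  return { $pull: { 'services.resume.loginTokens': { when: { $lt: cutoff } } } };
}

// In-memory equivalent of the modifier, for checking the effect offline.
// Entries without a numeric `when` are not matched by $lt, so they are kept
// and counted separately; they need their own cleanup decision.
function pruneTokens(user, now, maxAgeMs = MAX_AGE_MS) {
  const resume = (user.services && user.services.resume) || {};
  const tokens = resume.loginTokens || [];
  const cutoff = now - maxAgeMs;
  const isExpired = (t) => typeof t.when === 'number' && t.when < cutoff;
  return {
    kept: tokens.filter((t) => !isExpired(t)),
    removed: tokens.filter(isExpired).length,
    undated: tokens.filter((t) => typeof t.when !== 'number').length,
  };
}

// Constructed sample document (token values are placeholders).
const NOW = Date.UTC(2013, 6, 10);
const sampleUser = {
  _id: 'u1',
  services: { resume: { loginTokens: [
    { token: 'tok-old', when: NOW - 200 * DAY_MS },
    { token: 'tok-recent', when: NOW - 10 * DAY_MS },
    { token: 'tok-today', when: NOW - 1 * DAY_MS },
    { token: 'tok-undated' },
  ] } },
};

const result = pruneTokens(sampleUser, NOW);
console.log(result.kept.map((t) => t.token), result.removed, result.undated);
```

Because the cutoff applies per token, other browsers with recent tokens stay logged in, unlike the logout hook that empties the whole array.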

Avital Oliver

Jul 8, 2013, 1:57:33 PM
to meteo...@googlegroups.com
See https://github.com/meteor/meteor/pull/1039. You're right, we should resolve this.

Jan Hendrik Mangold

Jul 8, 2013, 2:09:00 PM
to meteo...@googlegroups.com
Arunoda

On Sunday, 7 July 2013 19:42:56 UTC-7, Arunoda Susiripala wrote:
> Hi Jan,
>
> AFAIK, this exists and has no official solution yet.
> Removing loginTokens at logout can have some bad effects since it will remove all the tokens.
> Some users may be logged in using several browsers and so have several tokens. Deleting all loginTokens on logout will log him out of every browser.

That is what I thought as well. I would like to be more selective in removing tokens but couldn't even figure out what the active token of the session logging out was.

> This may be a feature or a bug depending on your app.

Frankly, I would prefer if a user was just logged in once (on my app) because the device records the geo location in the user document ...

> Another way to deal with this is to use a cron job to remove older tokens. Each token contains a timestamp value.
>
> There is another way we can deal with this, but it is complex: using a loginHandler.
>
> Hope this helps you out.

I am just happy that I am not the only one facing this issue :)

Jan Hendrik Mangold

Jul 10, 2013, 4:02:08 PM
to meteo...@googlegroups.com
I have removed the deletion of all services.resume.loginTokens on logout because it might create undesired side effects. What would be nice instead is to at least remove the "current" loginToken that is being logged out. How do I find the current loginToken?

Nick Martin

Jul 10, 2013, 10:25:16 PM
to meteo...@googlegroups.com
Hi Jan,

Deleting the current login token when logging out was just added in git, and will be in the next release =)


-- Nick



Arunoda Susiripala

Jul 10, 2013, 10:52:14 PM
to meteo...@googlegroups.com
Thanks Nick.

This is nice and a clean way.

steeve

Jul 11, 2013, 10:00:31 AM
to meteo...@googlegroups.com
What may be interesting is for users to be able to reset login tokens across all devices/sessions similar to how Google Apps works.  Which of course would open up the methods to handle it server side and/or from an admin panel one might build.

The infrastructure is already there within Meteor to support this. 

The remove on logout is nice.  

Ken Yee

Jul 20, 2013, 3:37:19 PM
to meteo...@googlegroups.com


On Thursday, July 11, 2013 10:00:31 AM UTC-4, steeve wrote:
> What may be interesting is for users to be able to reset login tokens across all devices/sessions similar to how Google Apps works.  Which of course would open up the methods to handle it server side and/or from an admin panel one might build.

AFAIK, this won't log them out though.  It'll just prevent them from being able to log in again on the next session when they restart their browser?
