Expire after each use
fri3ndly opened this issue · comments
Hello love your project and just wondering if there is a way to make each token expire once used?
I saw this part in the config:
/*
|--------------------------------------------------------------------------
| Token destroy lottery
|--------------------------------------------------------------------------
|
| You can clear the token on every use or adjust the chances the query will
| be run. By default the odds are 1 out of 10.
|
*/
'lottery' => [1, 10],
And tried making the value [1, 1] which didn't work - is this what this config option was intended for. Or should I clone the Autologin Controller as you mentioned and run a delete request upon each usage.
Thank you
Hey, just had a quick look through the code to get up to speed. I thought tokens were deleted after they were used once but turns out this is not the case - they remain until they expire.
The lottery was meant to clear out expired tokens. It would only be called when a token is used, so every x token validations would trigger a cleanup.
Happy to accept a PR that would add the functionality to destroy tokens after usage, but if you wanted to get it out the door for your own app I reckon extending the autologin controller and adjusting it as you need would do the trick. Hope this helps!
Thanks for the quick reply - will go with the latter for now as it might be best to write some config to switch immediate token expiry on or off - i've gone with the quick and dirty option - thank you 👍