Thanks for the response Juan
1 . The use case is that,
- Imagine that I have logged in with valid user details and went to my dashboard as a normal flow.
- For getting access I have copied that token and kept it aside.
- Then I try to login with another user account and got response as invalid details.
- To get the access I have added valid token which I have saved earlier and pasted that token here then I am able to get the access.
2. After sign out the token is not expiring in Moodle - 3.6 version and same token is getting generated every time until that token get expired to avoid this after every log out I wanted to expire that token so that the same token will not be generated. We have same option available in admin panel to expire token after sometime we already configured with 5 minutes.
3. Yes we are using https only, Please confirm with the token cant we steal another user information?
Regards,
Mahesh K.
1 . The use case is that,
- Imagine that I have logged in with valid user details and went to my dashboard as a normal flow.
- For getting access I have copied that token and kept it aside.
- Then I try to login with another user account and got response as invalid details.
- To get the access I have added valid token which I have saved earlier and pasted that token here then I am able to get the access.
2. After sign out the token is not expiring in Moodle - 3.6 version and same token is getting generated every time until that token get expired to avoid this after every log out I wanted to expire that token so that the same token will not be generated. We have same option available in admin panel to expire token after sometime we already configured with 5 minutes.
3. Yes we are using https only, Please confirm with the token cant we steal another user information?
Regards,
Mahesh K.