When we try to log in using the mobile app, one of the services calls /login/token.php,
which generates a token after valid credentials are given; that token is then used for authentication.
Here are some observations I found:
1. When you successfully log in with a valid user, it will generate a token, but if you pass this token (which was generated earlier) with invalid login details, it is accepted and you are able to log in.
2. After logout from the app, the token should be deleted. How can that be done?
3. The generated token should be hidden in the response, or I just want to add encryption to it. How can that be done?
Please help me.
The same has also been posted in the web forum; please go through it below.
Thanks & best regards,