Security Flaw: Bearer Token Remains Active After Logout in Strapi

System Information
  • Strapi Version: 4.19
  • Operating System: Windows 10
  • Database:
  • Node Version: 18.17.1
  • NPM Version:
  • Yarn Version:

I am reporting a serious security issue that is preventing me from obtaining a security certificate for my current project.

Issue Description: When I log in to the Strapi admin page, a Bearer token is generated that allows performing actions on the API, such as querying uploaded files:

{{url}}/upload/files?sort=name:ASC&page=1&pageSize=10&folder=133&filters[$and][0][folderPath][$eq]=/133

The problem is that this Bearer token remains valid even after logging out. This means that if someone obtains the token and uses it after I have logged out, they can still access private Strapi functions. This poses a serious security risk, as the token could be shared and used by others to perform unauthorized actions.

Required Solution: I need a way to ensure that the Bearer token expires automatically after logging out. How can I configure this in Strapi?
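
The behaviour described in the post, and one way to close it, as an added example that is not part of the original post and is not Strapi's own code. It assumes the Bearer token is a stateless HS256 JWT; the secret, the in-memory `revokedJti` store and all function names are constructed for illustration.

```javascript
// Added example: generic HS256 JWT handling, not Strapi's implementation.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value, not a real key
const revokedJti = new Map(); // jti -> exp (seconds); hypothetical in-memory store

const b64u = (s) => Buffer.from(s).toString("base64url");
const sign = (data) =>
  crypto.createHmac("sha256", SECRET).update(data).digest("base64url");

function issueToken(userId, ttlSec, now) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64u(
    JSON.stringify({ sub: userId, jti: crypto.randomUUID(), exp: now + ttlSec })
  );
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Signature and expiry only: the server keeps no state, so logging out
// on the client changes nothing about the result of this check.
function verifyStateless(token, now) {
  const [header, payload, sig] = token.split(".");
  if (!header || !payload || !sig) return null;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  return claims.exp > now ? claims : null;
}

// Same check plus a server-side lookup of revoked token ids.
function verifyWithRevocation(token, now) {
  const claims = verifyStateless(token, now);
  return claims && !revokedJti.has(claims.jti) ? claims : null;
}

// Logout records the token id until the token would have expired anyway,
// then prunes entries whose tokens are already past their exp.
function logout(token, now) {
  const claims = verifyStateless(token, now);
  if (claims) revokedJti.set(claims.jti, claims.exp);
  for (const [jti, exp] of revokedJti) if (exp <= now) revokedJti.delete(jti);
}
```

With several server instances the revocation store has to be shared between them, and a short token lifetime bounds the exposure window when no such store is available.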