Validating if a user's license is valid while its session is active [closed]

I am working on an application with a Java Spring Boot back-end and Angular 13 front-end.

Right now a token is set in the user's local storage when he logs in for the first time and expires after 30 days.

This has been working fine so far, but now I need to validate whether a user's license is valid while his session is active. Right now the license validation is executed during login, but since the session does not expire daily, the user does not have to log in every day.

Looking at other threads, it has been suggested to set another item in the user's local storage that expires after 24 hours; once expired, it should trigger the back-end to check whether the user's license is active and trigger related logic.

Would that be the right approach to solve this issue?

Thank you very much



Solution 1:[1]

Does the application talk to the back-end during a session? If so, I would say the "right" way to approach this would be to verify the user's license on every access-restricted request to the back-end (or if that would be too slow you could check the first request per day, but it shouldn't generally be slow to check credentials). You shouldn't leave it to the front-end to decide when the license should be checked because front-ends can't be trusted (they are under user control, not your control).

If the application is basically an offline application and doesn't make meaningful server requests during a session, your approach seems reasonable to me. You can make the code "call home" once a day when online and do the check then.
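One way to implement the server-side check described in the answer, with the optional once-per-day reuse of a positive result, as an added example that is not part of the original answer. `LicenseGate`, `licenseLookup` and the user `alice` are hypothetical names, and the license store is stubbed with a constructed in-memory set.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

/** Server-side license gate: the back-end, not the browser, decides when to re-check. */
public class LicenseGate {
    private final Predicate<String> licenseLookup; // hypothetical: asks the license store about a user id
    private final Duration maxAge;                  // how long a positive result may be reused
    private final Clock clock;
    private final Map<String, Instant> lastValid = new ConcurrentHashMap<>();
    public LicenseGate(Predicate<String> licenseLookup, Duration maxAge, Clock clock) {
        this.licenseLookup = licenseLookup;
        this.maxAge = maxAge;
        this.clock = clock;
    }

    /** Call on every access-restricted request, after the token has been authenticated. */
    public boolean isAllowed(String userId) {
        Instant now = clock.instant();
        Instant checked = lastValid.get(userId);
        if (checked != null && now.isBefore(checked.plus(maxAge))) {
            return true; // recent positive check on the server, skip the lookup
        }
        if (licenseLookup.test(userId)) {
            lastValid.put(userId, now);
            return true;
        }
        lastValid.remove(userId); // negative results are never cached
        return false;
    }
    /** Call when a license is revoked so the change applies before maxAge elapses. */
    public void invalidate(String userId) { lastValid.remove(userId); }

    public static void main(String[] args) {
        Set<String> licensed = ConcurrentHashMap.newKeySet(); // constructed sample data
        licensed.add("alice");
        LicenseGate perRequest = new LicenseGate(licensed::contains, Duration.ZERO, Clock.systemUTC());
        LicenseGate daily = new LicenseGate(licensed::contains, Duration.ofDays(1), Clock.systemUTC());
        System.out.println(perRequest.isAllowed("alice") + " " + daily.isAllowed("alice"));
        licensed.remove("alice"); // the license lapses while the 30-day token is still valid
        System.out.println(perRequest.isAllowed("alice") + " " + daily.isAllowed("alice"));
        daily.invalidate("alice"); // revocation hook clears the cached positive result
        System.out.println(daily.isAllowed("alice"));
    }
}
```

In a Spring Boot back-end, `isAllowed` would be called from a `HandlerInterceptor.preHandle` or a servlet filter once the token has been authenticated, answering 403 when it returns false.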

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 ???v???