Cross site scripting tokens are a standard feature of most websites. You'll need to find another tutorial on the internet to learn how to set them up if you're looking more detail than this overview has. I don't think there's anything special about them in this case.
If, as suggested in the post, you monitor the csst to see if the user is signed in or not
In order to ping the other open apps to tell them to signout of the firebase-js-sdk, I found the easiest method is to monitor the presence of the csst cookie. If the csst cookie disappears, you know that the person has signed out and your app should call the signOut() method of the firebase sdk.
Then when the csst token expires the person would automatically be logged out of firebase and you could redirect them to a login page.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Can you share more details about csst token? If user inactive for a long time, this JWT maybe expired. How can they get sign-in?
Cross site scripting tokens are a standard feature of most websites. You'll need to find another tutorial on the internet to learn how to set them up if you're looking more detail than this overview has. I don't think there's anything special about them in this case.
If, as suggested in the post, you monitor the csst to see if the user is signed in or not
Then when the csst token expires the person would automatically be logged out of firebase and you could redirect them to a login page.