When to stop sending push notifications to client when he logs out of my application

Question

Being concerned with privacy, I want my backend to forget my clients push notification token if the user logs out from his mobile client.

The simplest use case is this:

• George wants to see his facebook, but doesn't have his phone. George logs in to the facebook app in Matt's phone.

• George logs out of facebook app after finishing.

Here I expect that the server won't send "Mira has accepted your friend request" to Matt's phone - a notification obviously meant for George and not Matt.

I can have the client send a "logout" request to the server, but what happens if George is in a bunker when hitting the logout request and it doesn't reach my server?

Some additional thoughts on the matter:

• I want to keep pushing notifications as long as the user hasn't actively logged out (so idle time system log out is out of the question)

• Facebook, for example, does not log you out from the application if it has no internet connection. This questionable solution since if George isn't careful, he might not realize that he failed to log out and will hand the phone back to Matt while he is still logged in!

Answer 1

1. You know people are warned to log out from web sites while leaving public computers. So, it is your (George's) responsibility to do that.

2. Computers are logic machines. It doesn't care about whether George was in bunker, under logs, car accident. They are supposed to be doing what they are ordered to (Don't be mad at me future's high intelligent robots please).

So, your best approach would be,

1. To save the logged in device. You know Facebook asks about what device you are using to connect. It is selected as a public computer, do not send any important/private information as notification.

2. Define an idle time to log the user out from system automatically.