4

I'm using anonymous authentication is a Firebase app. I just noticed that I have over 100 anonymous users now registered even though all I've been doing is testing the app. It looks like the expiration time for the user token is quite short, and as soon as it expires the next login causes a new user to be created.

What is the best way to avoid this? I could presumably refresh the user's token but I'm not sure how to this since in onAuthStateChange the user parameter is null if the user has expired.

Or should I changed the expiration time? If so, how do I do this? I found some instructions for doing so in the old Firebase docs but can't see how to do it in the latest version.

UPDATE: Currently I am initializing the app and authenticating the (anonymous) user like so:

firebase.initializeApp(FIREBASE_CONFIG);

firebase.auth().onAuthStateChanged(user => {
  if (!user) {
    firebase.auth().signInAnonymously().catch(error => {
      console.error('Failed to authenticate with Firebase', error);
    });
  }
});
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Matthew Gertner
  • 4,487
  • 2
  • 32
  • 54
  • Hmm I just noticed http://stackoverflow.com/questions/37487283/firebase-3-x-token-session-expiration. So I guess the anonymous users never expire? If so, I can't understand how so many users got created since only a couple of people are testing the app right now. – Matthew Gertner Sep 22 '16 at 13:35
  • 2
    As you've discovered: sessions don't necessarily expire anymore in the 3.x SDKs. A lot depends on how you implement sign-in in your app. Without seeing the minimal code that reproduces the problem, it's going to be hard to say anything. – Frank van Puffelen Sep 22 '16 at 13:42
  • I added the initialization code to the post. – Matthew Gertner Sep 22 '16 at 14:00
  • That doesn't seem to create multiple accounts in my quick test: http://jsbin.com/noziri/edit?js,console – Frank van Puffelen Sep 22 '16 at 14:18
  • 3
    The anonymous user session should not expire. Just in case you are doing this elsewhere in your code, you should not signOut the anonymous user. If you do, the next time you sign in anonymously you will get a new anonymous user. – bojeil Sep 22 '16 at 17:15
  • OK I need to dig deeper into what's going. I suspect it's related to the fact that we are using Cordova. Maybe installing a new version of the app causes the local storage to be wiped. I'm still surprised by the raw number of users but I'll run some more tests to figure out if this is the cause or if it's somewhere else. – Matthew Gertner Sep 22 '16 at 18:22
  • @FrankvanPuffelen do you have any official docs that "sessions don't necessarily expire anymore in the 3.x SDKs" – Muhammad Hassan Nasr Sep 28 '16 at 12:42
  • @MatthewGertner can you confirm the anonymous user sessions don't expire anymore? – Daniele B Jun 27 '17 at 18:08
  • How can I prevent expiration using 2.x SDK ? – Killy Dec 04 '18 at 11:37

0 Answers0