2

I have a rare scenario where there is a possibility that on a single device and browser combination there could be multiple users logging in / out.

For example, on a home laptop using Chrome, User 1 may login and close the browser (authentication has a timeout so the use will get logged out after n minutes of inactivity) or logout. User 2 can then login.

I am planning to use Pushy web push notifications to send users push notifications but I have hit a blocker.

The following code is used to register Pushy:

Pushy.register({ appId: 'app-id' }).then(function (deviceToken) {
    // Print device token to console
    console.log('Pushy device token: ' + deviceToken);

    // Send the token to your backend server via an HTTP GET request
    //fetch('https://your.api.hostname/register/device?token=' + deviceToken);

    // Succeeded, optionally do something to alert the user
}).catch(function (err) {
    // Handle registration errors
    console.error(err);
});

Now when User 1 logs in, device token abc123 is generated. Internally, I will store this device token against User 1 and I am able to successfully send a push notification. If User 1 is logged out, and User 1 logs in, a new device token isn't registered so I can assign a device token to User 2.

If I try clearing all of Pushy's local storage, then a new device token def456 is generated and I am able to successfully send a push notification to def456 but also able to send a push notification to abc123.

If I unregister the service worker and then try registering Pushy using the code above, then a new device token ghi789 is generated and I am able to successfully send a push notification to ghi789. Now I am unable to unable to send a push notifications to abc123and def456.

I even tried updating the Pushy local storage values manually but this doesn't work.

I am a bit confused how to handle this scenario so that only the currently logged in user will receive the push notification.

Do I need to use scopes? If yes, how do I use scopes. Do I need to update the service worker? If yes, how do I achieve this as I think Push handles the registration of the service worker. Is there something else I am missing?

Should I be unregistering the service worker when a user logs out so that when user logs in the service worker is registered again and a new Pushy device token is generated?

Eric P Pereira
  • 450
  • 1
  • 7
  • 18

1 Answers1

3

A late answer, but someone might find this useful someday.

Our recommended approach is:

When a user logs out, always clear their associated Pushy device token from your backend database. Whenever any user logs in, send their most up-to-date device token to your backend for storage. In addition, before storing this device token, check whether any other users have this Pushy device token assigned to them. If so, clear it from the other users first. Then, associate this Pushy device token only for the user currently logging in.

Full disclosure - I work at Pushy.

Elad Nava
  • 7,746
  • 2
  • 41
  • 61
  • What about when 'business' needs to send web push to offline users? We want to encourage them to log in again – zolty13 Aug 25 '20 at 09:03
  • 1
    In that case, don't clear the user's token when they log out of your app. Instead, only clear a device token when another user logs in with the same device token, using another user ID. – Elad Nava Aug 25 '20 at 15:15