0

I have client-server app, and i develop Xamarin mobile client, i use FCM for PUSH notify, When I log in, I send my token to the server, where I tied it to account in my database, but what do i do when i log out in mobile app, the server may not be aware of this and will continue to send notifications, I have to update the token in the client, but this is not implemented, and not correctly, What can I do?

A similar problem is described here. Firebase Cloud Messaging Refresh Token

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
Artur Oksenyuk
  • 33
  • 7
  • I don't understand the problem here. If a device token is associated with a user, then it makes sense to remote the token for that user when they explicitly log out, driven by some backend component that manages the relationship between the user and their registered devices. – Doug Stevenson May 07 '19 at 07:55
  • You should remove token from database. It is lack of security when not logged in user receives push messages. – Marek Kondracki May 07 '19 at 07:56
  • I can do this, I think will be possible the server will not know and will continue to send notifications – Artur Oksenyuk May 07 '19 at 08:24
  • When a user logs out, the token must be deleted, either from the client or from the server (by checking the response when sending a message) -- see [this post](https://stackoverflow.com/a/49052000/4625829) – AL. May 07 '19 at 10:15

1 Answers1

0

Android FCM Token Not Changed When You Logout so its not a good idea to remove token from DB , so the simple solution you can add a column in your server DB and maintain status there .

For example create a column "is_active" and when user login to your app make its value "1" and when logout make it "0" so at the end when you have to send push notification filter them by "is_active" means select those rows in which is_active = 1

Mayank Sharma
  • 2,735
  • 21
  • 26
  • Okey thanks, but I don’t quite understand how I can filter these notifications, I have to keep the active state on the client, how can i filter this, and what happens if I log in as a different user. If it's not hard for you, I can get some kind of code example. – Artur Oksenyuk May 07 '19 at 08:13
  • I can not save the active state on the server, the server may not know that the client is no active – Artur Oksenyuk May 07 '19 at 08:15
  • if you don't want to change on server then on android side keep a boolean isLogin and if its true then only show notification – Mayank Sharma May 07 '19 at 08:17
  • I can intercept notifications and cancel its display? – Artur Oksenyuk May 07 '19 at 08:20