
In an application I am building, it is possible for a logged-in user to receive specific push notifications related to activity their user account is participating in or subscribing to.

As it stands at the moment, if a user logs out, they remain subscribed and the service worker remains registered.

However, it would mean that push notifications they've subscribed to will still be received.

On the plus side, however, it means that if the original user logs in again, they won't need to go to their preferences and re-enable notifications and re-register a new service worker/subscription.

Does anyone have any examples of how to approach this in a secure way so notifications are not leaked after logging out, but maintaining the existing subscription in case they log back in? Is it even possible?

Thanks,

P

SpongeBobPHPants

1 Answer


Usually you have an endpoint in your database associated to a user ID, so that you can target that user with push notifications.

When the user logs out you can simply remove the association between the endpoint and the user ID in your database.

collimarco
  • Thank you. That is what I'm currently doing, but it means when the user logs back in (on the same device) that they will have to re-enable push notifications (re-create the association with likely a new endpoint). That's what I'm trying to avoid, though arguably it's really the only feasible approach and not totally unexpected if the user has explicitly logged out of the device. – SpongeBobPHPants May 22 '18 at 13:47
  • @SpongeBobPHPPants If you refer to the browser permission prompt, they don't have to re-enable the notifications. You can keep the browser permission and just remove the association from your database. – collimarco May 23 '18 at 08:47
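
The approach from the answer and its follow-up comment, as an added example that is not part of the original thread: the server keeps the subscription row on logout and clears only its owner, then re-binds it on the next login, including the case where a different user logs in on the same browser. The class and method names are hypothetical, the store is an in-memory stand-in for the database, and it assumes the client posts the subscription it already holds (from `registration.pushManager.getSubscription()`) after each login.

```javascript
// Added example: in-memory stand-in for the endpoint <-> user ID table.
// SubscriptionStore, attach, detach and endpointsFor are hypothetical names.
class SubscriptionStore {
  constructor() {
    this.byEndpoint = new Map(); // endpoint URL -> { keys, userId or null }
  }

  // After login: bind the subscription the browser already holds to this user.
  attach(userId, subscription) {
    if (!userId) throw new Error('attach requires an authenticated user');
    // Overwriting userId moves a shared browser from the previous user to the
    // new one, so one endpoint never has two owners.
    this.byEndpoint.set(subscription.endpoint, { keys: subscription.keys, userId });
  }

  // On logout: keep the row (endpoint and keys), clear only the owner.
  detach(userId, endpoint) {
    const row = this.byEndpoint.get(endpoint);
    if (!row || row.userId !== userId) return false; // only the owner may detach
    row.userId = null;
    return true;
  }

  // The sender looks up targets by user ID, so detached rows are never selected.
  endpointsFor(userId) {
    if (!userId) return []; // a null ID must not match detached rows
    return [...this.byEndpoint]
      .filter(([, row]) => row.userId === userId)
      .map(([endpoint]) => endpoint);
  }
}

// Constructed sample data; the endpoint URL and key strings are placeholders.
function demo() {
  const store = new SubscriptionStore();
  const sub = { endpoint: 'https://push.example.invalid/send/abc',
                keys: { p256dh: 'constructed', auth: 'constructed' } };
  const out = {};
  store.attach('alice', sub);
  out.loggedIn = store.endpointsFor('alice');      // alice is targeted
  store.detach('alice', sub.endpoint);
  out.loggedOut = store.endpointsFor('alice');     // nothing is sent after logout
  store.attach('bob', sub);                        // another user, same browser
  out.bob = store.endpointsFor('bob');
  out.aliceAfterBob = store.endpointsFor('alice'); // alice's pushes do not reach bob
  out.staleDetach = store.detach('alice', sub.endpoint); // non-owner is refused
  return out;
}
```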