Handle Push Notification (tokens) for users on single device

I need help with a specific scenario - We have authenticated users on our application. They can log in and log out of the app.

When a user logs in, we get permission for notifications and (when granted), we store the Expo token in our database against that user.

When a user logs out, we remove the token from the database. This means they won’t receive notifications to this device.

How do i handle a situation where;

  • User A logs into Device A
  • User A logs out of Device A, but the Token fails to clear against User A (maybe connection drops)
  • User B logs onto Device A, we now have the same token stored against User A and User B

This would mean that notifications intended for User A would be sent to User B’s current device; Device A. The only time they would be cleared is if User A logs into Device B.

This approach is an edge case, but something we have to consider. Is there a way to pair a Devices generated token to a user ID or something similar?

There might be something i am missing with this approach. Any direction would be appreciated :slight_smile:

Here’s a random idea. Maybe someone else has a better suggestion:

What about: When user B logs into Device A, clear that token from any other users (in this case User A), then store the token against User B.

Thanks for the “random idea”… It’s one we have already considered. It may well be the solution that we end up going with.

The reluctancy for this approach is that it involves another data table or traversing a lot of data to make sure that token is not pinned to another user, and removing it if it is.

The question was more directed towards whether there was some way of handling this type of issue built into the Permissions/Notifications API on Expo. This is not a unique problem, I would assume

1 Like

Hey @alexborton,

What database are you using? One thing that came to mind was to use a unique constraint, such as in postgres, on the token to ensure that no token can be associated to multiple users. You then might be able to leverage the timestamp of the request and if the token already exists, delete the older value and write to the more recently authenticated user.


Thanks @adamjnav.

It became clear that this issue would have to be managed from a backend/data perspective, rather than something smarter from the device/frontend - so i passed it off to our backend guys :wink:

The solution is basically that which is written in my previous response and similar to what you suggest. The actual mechanics of it i don’t know, but the basic idea is that a token can only exist on one user, and the “latest” user with the token wins it.

Thanks for the help :+1:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.