User sessions are not getting removed on app uninstall #246

Closed
4 tasks done
Vortec4800 opened this issue Oct 1, 2021 · 8 comments · Fixed by #254
Labels
type:feature New feature or improvement of existing feature

Comments

@Vortec4800

New Issue Checklist

Issue Description

When uninstalling an app and reinstalling, the currentUser still reports the same session from before the app was uninstalled. This doesn't match user expected behavior, where deleting and reinstalling an app would start things "fresh" for them.

This is likely due to the fact that Keychain values are not cleared when an app is uninstalled, which Apple seems to claim is not a bug. This may be happening with other Keychain-stored values as well like Installations, but I haven't checked those specifically at this point.

Steps to reproduce

  1. Install a test app and log in using any method.
  2. Verify killing and relaunching app logs in the user and currentUser is populated.
  3. Uninstall the test app from the simulator/device.
  4. Reinstall the test app and launch.

Actual Outcome

Upon launching after second install, currentUser is populated and the app is logged in.

Expected Outcome

The user's expected outcome would be that the newly installed app is not logged in and currentUser would return nil.

Environment

Client

  • Parse Swift SDK version: 1.10
  • Xcode version: 13
  • Operating system (iOS, macOS, watchOS, etc.): iOS
  • Operating system version: 15

Server

  • Parse Server version: 4.10.3
  • Operating system: Ubuntu
  • Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): DO

Database

  • System (MongoDB or Postgres): Mongo
  • Database version: 4.4
  • Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): DO
@parse-github-assistant

Thanks for opening this issue!

  • 🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.

@Vortec4800
Author

I'm happy to put together a PR for this but I'd like some direction first. How should the SDK go about fixing this? A common method is to store something in UserDefaults as that does get cleared as expected and if that key is missing then discard Keychain data. It could also write a plist/dictionary to a folder in the application bundle and check for that as well.

Thoughts on this? Maybe there is also an easier fix I'm not thinking of.

@cbaker6 cbaker6 added the type:question Support or code-level question label Oct 1, 2021
@cbaker6
Contributor

cbaker6 commented Oct 1, 2021

You as the app developer are responsible for handling the keychain, particularly when you uninstall the app. Your app doesn't delete the keychain automatically when you uninstall an app. You can check the sample app I released for an example:

        // Clear items out of the Keychain on app first run. Used for debugging
        if UserDefaults.standard.object(forKey: Constants.firstRun) == nil {
            try? User.logout()
            // This is no longer the first run
            UserDefaults.standard.setValue(String(Constants.firstRun),
                                           forKey: Constants.firstRun)
            UserDefaults.standard.synchronize()
        }

The link above is using a SwiftUI app cycle, but the same code can go in your app delegate.

@Vortec4800
Author

This is indeed a workaround that can be included, but the SDK should be responsible for cleaning up its own keys so behavior matches user expectations.

If the app developer was responsible for the Keychain/User state, then it would be expected that the SDK doesn't handle Keychain storage at all and it would be up to the app to persist the user and installation data on its own. The SDK handles this instead, which implies that it would handle the entire lifecycle of those keys and state.

@cbaker6
Contributor

cbaker6 commented Oct 1, 2021

> This is indeed a workaround that can be included, but the SDK should be responsible for cleaning up its own keys so behavior matches user expectations.

This has never been handled by any of the iOS related SDKs in the past. Of course, if you have a way of doing so, please submit a PR.

> If the app developer was responsible for the Keychain/User state, then it would be expected that the SDK doesn't handle Keychain storage at all and it would be up to the app to persist the user and installation data on its own. The SDK handles this instead, which implies that it would handle the entire lifecycle of those keys and state.

This seems to be an opinion, but if you come up with a solution, I'll review it. You are also assuming that when "every" developer deletes their app, they want their old keychain user info deleted. The OS cleans apps off devices all of the time automatically; forcing the user to always have to log in after deletion is a case-by-case scenario, and isn't applicable in "every" case.

@Vortec4800
Author

I haven't investigated how it works, but the current Objective-C Parse SDK returns a nil currentUser after uninstall/reinstall.

As an end-user, my expectation without knowing anything about what the Keychain is would be that after deleting and reinstalling an app, all of my data would be cleared. Being logged in to an app after uninstall/reinstall would be unexpected.

When the OS clears an app off of a device, none of the persisted data is removed (unless it's a cache) and this wouldn't apply.

@cbaker6
Contributor

cbaker6 commented Oct 1, 2021

> I haven't investigated how it works, but the current Objective-C Parse SDK returns a nil currentUser after uninstall/reinstall.

If this is true, I recommend looking there to get an idea on how/where to add the feature as the Keychain in the Swift SDK is similar.

@cbaker6 cbaker6 added 🧬 enhancement and removed type:question Support or code-level question labels Oct 2, 2021
@cbaker6 cbaker6 linked a pull request Oct 9, 2021 that will close this issue
6 tasks
@cbaker6
Contributor

cbaker6 commented Oct 9, 2021

This will be available in Swift SDK 2.0.0.

Adds configuration option to delete Keychain on app first run. This option is disabled by default and should only be enabled after the following in order to avoid users having to re-login:

  1. Update to Swift SDK 2.0.0
  2. Run/open the Swift SDK based app at least 1 time
  3. Then enable the setting:

        let newConfiguration = ParseConfiguration(applicationId: "yo",
                                                  serverURL: server,
                                                  deleteKeychainIfNeeded: false)
        ParseSwift.initialize(configuration: newConfiguration)
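
The first-run check from the sample app earlier in the thread and the staged rollout in the comment above can be combined in one helper. This is an added sketch, not code from the thread or from the Parse Swift SDK; `FirstRunKeychainReset`, the sentinel key and the Keychain service name are hypothetical, and it assumes the session is stored as generic-password items under that service on iOS.

```swift
import Foundation
import Security

/// Hypothetical helper, not part of ParseSwift.
enum FirstRunKeychainReset {
    // Assumed names for this sketch.
    static let sentinelKey = "com.example.app.hasLaunchedBefore"
    static let keychainService = "com.example.app.session"

    /// Returns true when the wipe ran on this launch (even if nothing was left over).
    @discardableResult
    static func runIfNeeded(wipeEnabled: Bool,
                            defaults: UserDefaults = .standard) -> Bool {
        // UserDefaults is removed with the app; the Keychain is not. A missing
        // sentinel therefore means either "first launch since install" or an
        // existing install upgraded from a build that never wrote the sentinel.
        guard !defaults.bool(forKey: sentinelKey) else { return false }

        guard wipeEnabled else {
            // Rollout phase: only record the launch, so that upgraded installs
            // have the sentinel before wiping is switched on in a later build.
            defaults.set(true, forKey: sentinelKey)
            return false
        }

        // Delete every generic-password item stored under the assumed service.
        let query: [CFString: Any] = [
            kSecClass: kSecClassGenericPassword,
            kSecAttrService: keychainService
        ]
        let status = SecItemDelete(query as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            // Leave the sentinel unset so the wipe is retried on the next launch.
            print("Keychain wipe failed: OSStatus \(status)")
            return false
        }
        defaults.set(true, forKey: sentinelKey)
        return true
    }
}

// Usage: call once at launch, before any code reads the stored session:
// FirstRunKeychainReset.runIfNeeded(wipeEnabled: true)
```

Shipping one release with `wipeEnabled: false` before turning it on mirrors the three steps above: installs that already hold a valid session get the sentinel first, so they are not treated as fresh installs and logged out.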

@mtrezza mtrezza added type:feature New feature or improvement of existing feature and removed type:improvement labels Dec 6, 2021