I'm using Firebase for web-push notifications in my app, and I'm wondering about best practices regarding user logout. Should I immediately delete the Firebase tokens and stop sending notifications as soon as a user opts to log out? Without the session cookie, a user will eventually be logged out manually, which means my app wouldn't know they're no longer active. In that scenario, they could still receive notifications, right? Cheers!
2 Answers
According to Pushpad guidelines for Web Push, it's best to remove the user ID linked to the subscription when a user logs out. This way, the device won’t receive sensitive notifications after logout. You can still keep the subscription (without the user ID) for general notifications or news that aren't user-specific. This approach seems to strike a good balance.
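A sketch of the server-side bookkeeping this answer describes, as an added example that is not part of the original answer and is not Pushpad or Firebase code. The class and method names are hypothetical, the store is in memory, and it assumes the server records a session expiry time alongside each linked token so that a lapsed session also stops user-specific notifications without an explicit logout:

```javascript
// Added example: in-memory model of a server-side push subscription table.
// SubscriptionStore, register, link, unlink and targets are hypothetical names.
const anonymous = () => ({ userId: null, sessionExpiresAt: 0 });

class SubscriptionStore {
  constructor() {
    this.subs = new Map(); // pushToken -> { userId, sessionExpiresAt }
  }
  // Browser registered a push token; nobody is attached to it yet.
  register(token) {
    if (!this.subs.has(token)) this.subs.set(token, anonymous());
  }
  // After login: bind the token to the user for the lifetime of the session.
  link(token, userId, sessionExpiresAt) {
    this.subs.set(token, { userId, sessionExpiresAt });
  }
  // Logout handler: keep the subscription, drop the user ID.
  unlink(token) {
    if (this.subs.has(token)) this.subs.set(token, anonymous());
  }
  // Tokens allowed to receive a notification at time `now` (ms).
  // userId === null means a general, non-user-specific broadcast.
  targets(userId, now) {
    const out = [];
    for (const [token, sub] of this.subs) {
      const live = sub.userId === userId && sub.sessionExpiresAt > now;
      if (userId === null || live) out.push(token);
      // Session lapsed without an explicit logout: unlink lazily.
      else if (sub.userId === userId) this.unlink(token);
    }
    return out;
  }
}

// Constructed sample data: two devices for one user plus a guest device.
function demo() {
  const store = new SubscriptionStore();
  store.link("tok-laptop", "alice", 2000);
  store.link("tok-phone", "alice", 5000);
  store.register("tok-guest");
  store.unlink("tok-phone"); // explicit logout on the phone
  return {
    beforeExpiry: store.targets("alice", 1000),
    afterExpiry: store.targets("alice", 3000),
    general: store.targets(null, 3000),
    laptopOwner: store.subs.get("tok-laptop").userId,
  };
}
```

Sending the notification itself is out of scope here; `targets` only decides which stored tokens a user-specific or general message may go to.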
It really depends on the type of notifications. If they’re just general news or marketing updates, you might be better off not sending those after logout since they can be more annoying than helpful. However, if the notifications are updates about the user’s account, I think it’s fine to keep sending them unless the user has specifically opted out or deleted their account. It could be useful for them, even if they've logged out.