How to automatically sign out mobile app users after password change on website?

Hey everyone! I’m working on a project that includes both a website and an Android app. I’ve run into a tricky situation and could use some advice.

Here’s the deal: When a user changes their password on the website, I want the Android app to automatically log them out. But I’m not sure how to make this happen.

Does anyone have experience with this kind of setup? What’s the best way to handle it? I’ve thought about using push notifications, but I’m not sure if that’s the right approach.

Any tips or suggestions would be super helpful. Thanks in advance!

I’ve implemented a similar feature in one of my projects. The most reliable approach I found was using a token-based authentication system. When a user changes their password, invalidate their current token on the server. The app should periodically check the token’s validity with the server. If it’s invalid, force a logout.

This method is more secure than push notifications, which can be unreliable. It also doesn’t require constant connectivity. The app can check during normal API calls or at set intervals. Remember to handle edge cases, like what happens if the user is offline when their token is invalidated.

Implementing this might require changes to both your server and app architecture, but it’s worth it for the added security and seamless user experience.
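The server-side invalidation described in the answer above, as an added example that is not part of the original post: each token carries a per-user generation counter, and a password change bumps that counter so older tokens fail on the app's next API call. The names (`token_gen`, `TOKEN_TTL`, the in-memory `USERS` store) and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # signing key, kept server-side only
TOKEN_TTL = 3600  # assumed lifetime; expiry also limits tokens the server never sees again
# Constructed in-memory user store; a real service would use its database.
USERS = {"alice": {"password_hash": "constructed-hash-1", "token_gen": 0}}


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, now=None):
    """Issue a signed token bound to the user's current token generation."""
    now = time.time() if now is None else now
    payload = f"{user}|{USERS[user]['token_gen']}|{int(now) + TOKEN_TTL}"
    return f"{payload}|{_sign(payload)}"


def verify_token(token, now=None):
    """Return the user name if the token is valid, else None."""
    now = time.time() if now is None else now
    payload, _, sig = token.rpartition("|")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None  # forged or tampered token
    try:
        user, gen, expires = payload.split("|")
        gen, expires = int(gen), int(expires)
    except ValueError:
        return None
    record = USERS.get(user)
    if record is None or expires < now or gen != record["token_gen"]:
        return None  # unknown user, expired, or issued before a password change
    return user


def change_password(user, new_hash):
    """Store the new hash and bump the generation, revoking every older token."""
    USERS[user]["password_hash"] = new_hash
    USERS[user]["token_gen"] += 1


def api_call(token):
    """Status an authenticated endpoint would return; the app signs out on 401."""
    return 200 if verify_token(token) else 401
```

On the Android side, any 401 from an authenticated request is the signal to clear the stored token and return to the login screen, which also covers an app that was offline when the password changed.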

hey max, have u tried using firebase auth? it handles token revocation pretty smoothly. when a user changes their password, u can revoke their tokens server-side. next time the app tries to use the token, it’ll fail n force a logout. it’s pretty straightforward to implement too!

ooh, interesting challenge! have u considered using websockets? they could let ur app ‘listen’ for password changes in real-time. maybe combine that with a token system? 🤔 curious how others handle this. what security concerns are u worried about? any specific requirements for ur app?