Forum Discussion
Solved
Braze SDK: Logged Out/In States & Push States
Hey Bonfire! How did your devs configure the Braze SDK behaviour for Logged Out users in cross-device states? There are some concerns at play here and looking to make a call that is future-proof but also not overly complex on handling edge cases.
Context:
- EU app
- Cross-device app and (potentially edge-case) multi-user per device
- Team leaning towards not manually updating Push Subscription status to Unsubscribed when users opt-out due to complexity in handling all edge cases and also not wanting to Unsubscribe someone from multiple devices when they only opted-out in one
Outstanding question is when a user logs out whether it's best to:
1. Stop the SDK from running altogether to ensure the user is not being tracked by accident while logged out (thinking GDPR/Privacy compliance here);
2. De-register the push token, and re-register later upon new login;
3. Create an anonymous user (which will have the previous push tokens) and later merge the profiles upon new login --> I'm not sure this is possible since the external_id will already be assigned so it's not really anonymous.
In short, what is the best practice to ensure that if Logged Out:
- No Push Notifications are sent to the device
- We can easily recognise and recover the push preference after a re-Login?
... while keeping the config. as simple as possible
Thanks!
Hello inespais based on your requirement, it is best to use disableSDK on device when a user logs out.
This will stop data collection and any tracking on that specific device. Other devices registered for that user will still work.
When the user login again, then you can use enableSDK to resume the data collection.
6 Replies
I agree with the approach of not manually setting the user's push subscription status to "unsubscribed" when they log out. That path introduces a lot of complexity, especially for users with multiple devices.
To address your specific questions about the best practice for logged-out users:
Using the SDK's function to stop tracking on logout is a recommended method. It directly addresses your GDPR/privacy concerns by ensuring no user activity is tracked while they are logged out.
Regarding your other points:
- De-registering Push Tokens: I would advise against this. There's no need to deregister the tokens. You can keep them tracked in Braze, stored on the user's profile. It simplifies the process significantly when they log back in.
- Anonymous Users: The anonymous user/merge flow is overly complex for this use case and, as you noted, can be tricky when an external_id is already present. A simpler solution is much more effective.
The most straightforward and robust way to manage this is with a simple custom attribute.
Here’s the recommended flow:
- Set a Custom Attribute: Create a boolean attribute like is_logged_in.
- On User Logout: Set is_logged_in to false and then call the functions to stop tracking.
- On User Login: Re-enable the SDK, call changeUser() to identify the user, and set is_logged_in to true.
By doing this, you can easily filter all your push campaigns and Canvases to only send to users where is_logged_in is true.
This approach cleanly solves both of your main requirements:
- No pushes are sent to logged-out users because of the segment filter.
- Push preferences are instantly recovered upon re-login because their subscription state was never altered.
Hope this helps clear things up,
Emmett, Covalent MarketingECulle thank you for your response. I would agree that generally the custom attribute identifying whether the user is logged in/out is a good way to approach it, however, in this case that would mean that if you logout from one device, you also stop receiving comms on additional devices where you're still logged in... So ideally I want to find a solution that works on the device-level and doesn't affect the entire user profile (and all other devices associated with it).
Any advice?Hello inespais based on your requirement, it is best to use disableSDK on device when a user logs out.
This will stop data collection and any tracking on that specific device. Other devices registered for that user will still work.
When the user login again, then you can use enableSDK to resume the data collection.
