Google Tag Manager

Forum Discussion

inespais's avatar
inespais
Mentor
2 months ago
Solved

Braze SDK: Logged Out/In States & Push States

Hey Bonfire! How did your devs configure the Braze SDK behaviour for Logged Out users in cross-device states? There are some concerns at play here and looking to make a call that is future-proof but ...
SDKs and APIs
  • Manoj__'s avatar
    Manoj__
    2 months ago

    Hello inespais​  based on your requirement, it is best to use disableSDK on device when a user logs out.

    This will stop data collection and any tracking on that specific device. Other devices registered for that user will still work.

    When the user login again, then you can use enableSDK to resume the data collection.

     

ECulle's avatar
ECulle
Influencer
2 months ago

I agree with the approach of not manually setting the user's push subscription status to "unsubscribed" when they log out. That path introduces a lot of complexity, especially for users with multiple devices.

To address your specific questions about the best practice for logged-out users:

Using the SDK's function to stop tracking on logout is a recommended method. It directly addresses your GDPR/privacy concerns by ensuring no user activity is tracked while they are logged out.

Regarding your other points:

  • De-registering Push Tokens: I would advise against this. There's no need to deregister the tokens. You can keep them tracked in Braze, stored on the user's profile. It simplifies the process significantly when they log back in.
  • Anonymous Users: The anonymous user/merge flow is overly complex for this use case and, as you noted, can be tricky when an external_id is already present. A simpler solution is much more effective.

The most straightforward and robust way to manage this is with a simple custom attribute.

Here’s the recommended flow:

  1. Set a Custom Attribute: Create a boolean attribute like is_logged_in.
  2. On User Logout: Set is_logged_in to false and then call the functions to stop tracking.
  3. On User Login: Re-enable the SDK, call changeUser() to identify the user, and set is_logged_in to true.

By doing this, you can easily filter all your push campaigns and Canvases to only send to users where is_logged_in is true.

This approach cleanly solves both of your main requirements:

  • No pushes are sent to logged-out users because of the segment filter.
  • Push preferences are instantly recovered upon re-login because their subscription state was never altered.

Hope this helps clear things up,

Emmett, Covalent Marketing 

  • inespais's avatar
    inespais
    Mentor
    2 months ago

    ECulle​ thank you for your response. I would agree that generally the custom attribute identifying whether the user is logged in/out is a good way to approach it, however, in this case that would mean that if you logout from one device, you also stop receiving comms on additional devices where you're still logged in... So ideally I want to find a solution that works on the device-level and doesn't affect the entire user profile (and all other devices associated with it).
    Any advice? 

    • Manoj__'s avatar
      Manoj__
      Visionary
      2 months ago

      Hello inespais​  based on your requirement, it is best to use disableSDK on device when a user logs out.

      This will stop data collection and any tracking on that specific device. Other devices registered for that user will still work.

      When the user login again, then you can use enableSDK to resume the data collection.

       

      • inespais's avatar
        inespais
        Mentor
        2 months ago

        Manoj__​ hello & thank you! Just to double check, do you also disable the push token? I.e. on iOS stop APNs delivery via UIApplication.shared.unregisterForRemoteNotifications(); and on Android stop FCM delivery via FirebaseMessaging.getInstance().deleteToken() ?
        I believe that would be the only way to really ensure no push notifications can be delivered...

    • ECulle's avatar
      ECulle
      Influencer
      2 months ago

      Hey inespais​,

      Another possible solution would be what you mentioned to create an anonymous profile, but with the consideration that it may create a large amount of useless profiles. 

      The Technical Implementation:

      The entire mechanism hinges on using the changeUser SDK method to manage the association between a device's push token and a user's profile.

      • On User Logout: Call the changeUser method with a null value.
        • Android (Kotlin): Braze.getInstance().changeUser(null)
        • iOS (Swift): Appboy.sharedInstance()?.changeUser(nil)
        What this does: This command tells Braze to end the current user's session on that specific device. In the backend, Braze migrates the push token from the identified user's profile to a new, anonymous profile. The logged-in user is no longer associated with that device.
      • On User Login: Call the changeUser method with the user's ID.
        • changeUser("external_id")
        What this does: This re-associates the device's push token with the correct user profile, seamlessly restoring their ability to receive targeted pushes on that device.

      The Operational Practice:

      Because the logged-out device still has a valid push token (now tied to an anonymous profile), it could still receive broadcast campaigns sent to "All Users". The solution is to ensure your campaigns are correctly targeted.

      • Apply a filter to your campaign segments: When building campaigns, add a filter to target only known, logged-in users.
      • External ID is not blank

      By adding this one rule, you ensure messages are only sent to devices that are actively logged into a user account, automatically excluding all logged-out sessions.