Braze SDK: Logged Out/In States & Push States

Hey Bonfire! How did your devs configure the Braze SDK behaviour for Logged Out users in cross-device states? There are some concerns at play here and looking to make a call that is future-proof but also not overly complex on handling edge cases.

Context:
- EU app
- Cross-device app and (potentially edge-case) multi-user per device
- Team leaning towards not manually updating Push Subscription status to Unsubscribed when users opt-out due to complexity in handling all edge cases and also not wanting to Unsubscribe someone from multiple devices when they only opted-out in one

Outstanding question is when a user logs out whether it's best to:
1. Stop the SDK from running altogether to ensure the user is not being tracked by accident while logged out (thinking GDPR/Privacy compliance here);
2. De-register the push token, and re-register later upon new login;
3. Create an anonymous user (which will have the previous push tokens) and later merge the profiles upon new login --> I'm not sure this is possible since the external_id will already be assigned so it's not really anonymous.

In short, what is the best practice to ensure that if Logged Out:
- No Push Notifications are sent to the device
- We can easily recognise and recover the push preference after a re-Login?
... while keeping the config. as simple as possible

Thanks!

Find more posts tagged with

SDKs and APIs

Accepted answers

Manoj__

Hello @inespais based on your requirement, it is best to use disableSDK on device when a user logs out.

This will stop data collection and any tracking on that specific device. Other devices registered for that user will still work.

When the user login again, then you can use enableSDK to resume the data collection.

All comments

ECulle

I agree with the approach of not manually setting the user's push subscription status to "unsubscribed" when they log out. That path introduces a lot of complexity, especially for users with multiple devices.

To address your specific questions about the best practice for logged-out users:

Using the SDK's function to stop tracking on logout is a recommended method. It directly addresses your GDPR/privacy concerns by ensuring no user activity is tracked while they are logged out.

Regarding your other points:

De-registering Push Tokens: I would advise against this. There's no need to deregister the tokens. You can keep them tracked in Braze, stored on the user's profile. It simplifies the process significantly when they log back in.
Anonymous Users: The anonymous user/merge flow is overly complex for this use case and, as you noted, can be tricky when an external_id is already present. A simpler solution is much more effective.

The most straightforward and robust way to manage this is with a simple custom attribute.

Here’s the recommended flow:

Set a Custom Attribute: Create a boolean attribute like is_logged_in.
On User Logout: Set is_logged_in to false and then call the functions to stop tracking.
On User Login: Re-enable the SDK, call changeUser() to identify the user, and set is_logged_in to true.

By doing this, you can easily filter all your push campaigns and Canvases to only send to users where is_logged_in is true.

This approach cleanly solves both of your main requirements:

No pushes are sent to logged-out users because of the segment filter.
Push preferences are instantly recovered upon re-login because their subscription state was never altered.

Hope this helps clear things up,

Emmett, Covalent Marketing

inespais

@ECulle thank you for your response. I would agree that generally the custom attribute identifying whether the user is logged in/out is a good way to approach it, however, in this case that would mean that if you logout from one device, you also stop receiving comms on additional devices where you're still logged in... So ideally I want to find a solution that works on the device-level and doesn't affect the entire user profile (and all other devices associated with it).
Any advice?

Manoj__

Hello @inespais based on your requirement, it is best to use disableSDK on device when a user logs out.

This will stop data collection and any tracking on that specific device. Other devices registered for that user will still work.

When the user login again, then you can use enableSDK to resume the data collection.

inespais

@Manoj__ hello & thank you! Just to double check, do you also disable the push token? I.e. on iOS stop APNs delivery via UIApplication.shared.unregisterForRemoteNotifications(); and on Android stop FCM delivery via FirebaseMessaging.getInstance().deleteToken() ?
I believe that would be the only way to really ensure no push notifications can be delivered...

ECulle

Hey @inespais,

Another possible solution would be what you mentioned to create an anonymous profile, but with the consideration that it may create a large amount of useless profiles.

The Technical Implementation:

The entire mechanism hinges on using the changeUser SDK method to manage the association between a device's push token and a user's profile.

On User Logout: Call the changeUser method with a null value.
- Android (Kotlin): Braze.getInstance().changeUser(null)
- iOS (Swift): Appboy.sharedInstance()?.changeUser(nil)
What this does: This command tells Braze to end the current user's session on that specific device. In the backend, Braze migrates the push token from the identified user's profile to a new, anonymous profile. The logged-in user is no longer associated with that device.
On User Login: Call the changeUser method with the user's ID.
- changeUser("external_id")
What this does: This re-associates the device's push token with the correct user profile, seamlessly restoring their ability to receive targeted pushes on that device.

The Operational Practice:

Because the logged-out device still has a valid push token (now tied to an anonymous profile), it could still receive broadcast campaigns sent to "All Users". The solution is to ensure your campaigns are correctly targeted.

Apply a filter to your campaign segments: When building campaigns, add a filter to target only known, logged-in users.
External ID is not blank

By adding this one rule, you ensure messages are only sent to devices that are actively logged into a user account, automatically excluding all logged-out sessions.