Does the app get a callback from the operating system to indicate that it is being uninstalled? If it does, you can make the logout API request to invalidate the session. Additionally, setting the session timeout to be that high is probably not a very good idea (partially for the reason you described).
The framework that I use (Corona) has a hook that can be used to execute some tasks at app exit but not at uninstall. Also, the only tasks that can be used in that hook are “simpler” local tasks that have a chance of finishing before the app exits. Network calls are not reccomended for that reason.
Even if I set the timeout to a week it means that users could lock themselves out from the system for a week. Setting the number of simultaneous sessions to 10 is what I can do to minimize the probability of that.
What would be your “standard”, most common or even recommended settings for these parameters? Allow multiple sessions at all? How long inactive timeout?
The likelihood that a user would uninstall/reinstall the app 10 times is very low. The multiple logins feature is useful when you envision different users using the same credentials concurrently. For example, Netflix let’s customers use the same login at the same time (i.e. to allow a family to stream on multiple devices). In many other cases, the feature doesn’t really make sense.
Ok, I will just disable multiple login then. I will also do some more tests just to make sure that it was indeed the install/uninstall that caused it. Let me get back if it was something else…
Thank you for your help!