User Token persists on requests even after logging out

Hi team,

I’m currently facing an issue where the user token persists on requests made with the Flutter SDK even after logging out the user. We are manually setting the user token and the current user.

We are invoking a custom service, and I have noticed that the issue does not happen if we log in then log out before making any requests. But if we login, make a request, and then log out, the user token is sticky and is still persisted.

Also interesting is that if we call Backendless.userService.getUserToken(); while this issue is happening, it returns null but when inspecting the network requests the user token is still present.

Please see this sample code that generates the issue:

              final tmpUser = BackendlessUser();
              tmpUser.setProperty("user-token", "fake-token-1");
              tmpUser.setProperty(
                  "objectId", "3F71DB91-89E9-427B-BD1E-B4E1B4A2BC88");
              await Backendless.userService.setCurrentUser(tmpUser);
              await Backendless.userService.setUserToken("fake-token-2");

              var token = await Backendless.userService.getUserToken();

              final valid = await Backendless.userService.isValidLogin();
              print("is valid login: ");
              print(valid);

              await RestaurantService.me(); // custom service request

              await Backendless.userService.logout();
              var tokenAfterLogin =
                  await Backendless.userService.getUserToken();
              if (tokenAfterLogin != null)
                print("tokenAfterLogin is now: " + tokenAfterLogin);
              else
                print("tokenAfterLogin is null");

See .me() function definition:

  static Future<dynamic> me() {
    final parameters = Map();
    return Backendless.customService.invoke(_serviceName, "me", parameters);
  }

After this code is run, any custom service request has the token attached.

Please advise on how to proceed

Thank you

Hi, @Boris_Velvetech

We are looking into your issue. We will let you know when we get the results.

Regards,
Marina

I checked and I do not quite understand what is wrong? Any request in the sdk when a token is set will be invoked with that token.

Hi @Nikita_Fedorishchev!
You just finished the first step only.
You have to log out, and invoke the service one more time. The token will be present in the HTTP headers, and you will get the “Session timeout” error from the Backendless server.
Hope that helps. Thanks.

I was able to reproduce error. This issue was fixed in 7.2.12 version.
Please let me know if everything works now as expected.

Best Regards, Nikita.

1 Like

It now works as expected. Thank you for the quick fix

1 Like