Signing the user out

Whenever a device is detached, the owner/user of that device should be logged out immediately. Let's take a closer look at some scenarios and how to handle them.

Device is online and is detached (by another device or for inactivity)

Sabil automatically handles notifying the devices if they are online. We use realtime APIs to send a notification to the SDK which will trigger the on_current_device_logout callback. You must implement this callback with the proper logout functions to see the results.

Important You must implement the on_current_device_logout callback for realtime detach handling to work properly

Device is offline and is detached (by another device or for inactivity)

Because the device is offline, there is no realtime communication between Sabil's servers and the device. So we cannot notify it immediately. Instead, Sabil's servers send a webhook event of type device.detached which include the device information and any metadata that was added to the device on the attach request.

If you implement the webhooks, when you receive the event, you should expire the user session, delete their login cookies or expire their bearer token. Because the user will have multiple sessions, you can send an identifier in the metadata and use that to select which session to logout.

Take a look at the Handle webhook events guide.