Anonymous User destroyed on Logout


On logout of an anonymous user, that user is destroyed hence deleted from the Database. See line 1151 in ParseUser

if (isAnonymous) {
    return currentUser.destroy({ sessionToken: currentSession });

My question is regarding the design decision.

I understand to remove the Session and remove the user from disk, but I am wondering how come the user is deleted from the User collection. As any other user, the anonymous user can affect other Collections when they interact in the app (I am using it in React Native), and if the user for some reason logs out and the User gets destroyed, it can leave the Database inconsistent.

For example, an Anonymous user does a purchase of a product and that creates an entry in a Purchase Collection that is related to a User. If the anonymous user logs out, that Purchase is left related to a User that doesn’t exist anymore.

There is probably a good reason for it and I might be missing something. In one hand I would like to know why, in case I might be doing something wrong and if there is any way around it.

Thank you!

I’m not sure about the reason (perhaps because this user would not be able to login again?). As an workaround you can create beforeDelete or afterDelete triggers to your User class in order to maintain the database consistency.

Sounds unintuitive to me that an anonymous user is destroyed on logout. If that is really the case and not a bug, then I think this should at least be configurable and have a big warning in the docs.

1 Like

The JS SDK mimics the iOS and Android SDK

Once logged out, an anonymous user cannot be recovered.

It doesn’t specify what cannot be recovered means.

I also don’t see an anonymous user being destroyed in the iOS SDK / client side unless I missed something.

I believe we can remove the deletion. It makes sense.

I’m not sure about the reason (perhaps because this user would not be able to login again?)

I understand the user would not be able to login again, as it should be, but I would have thought that this would be able to be achieved by deleting the Session, no need to delete the User :thinking:

As an workaround you can create beforeDelete or afterDelete triggers

Awesome! Thank you so much for the suggestion, for now that is what I am using beforeDelete trigger and respond with an error to prevent the deletion of Users.

1 Like

I think so too, it being configurable would be a good way to go.

Interesting that the iOS SDK works differently. This was also not the case in previous versions of the Javascript SDK:

  • SDK v1.11.0: in no scenario a user was deleted.
  • SDK 2.19.0 and master branch: in 2 scenarios, on logout and setCurrentUser
async setCurrentUser(user) {
    const currentUser = await this.currentUserAsync();
    if (currentUser && !user.equals(currentUser) && AnonymousUtils.isLinked(currentUser)) {
      await currentUser.destroy({ sessionToken: currentUser.getSessionToken() })

I was the one that added the AnonymousUtils to the SDK. Now that I think about it you may be right. If you just use linkWith anonymous instead of AnonymousUtils the user doesn’t get deleted.

I’ll open a PR with a fix. Logout doesn’t destroy and setCurrentUser should just strip the anonymous user.

1 Like

Awesome, thank you @dplewis!

I believe that, if you return an error, the session will not be deleted either.

I created a PR