Handle session expiration without disturbing user


I would like to implement a short session expiration (lets say one month) for following case:

  1. User log in on his second device (username+password or apple)
  2. afterLogin trigger checks number of sessions and if > 1 an multiDevice = true is set in User
  3. if multiDevice = true then the client will open liveQuery also on user’s User and Profile documents → to sync the changes done on second device to first
  4. on afterLogout would again multiDevice = true checked

If the user would lost or stopped using his device the session would get expired and there would be no sync need.

But how can I renew sessionToken without going through the onboarding and login screen again? Do I understand it right that I have to save username+password to keychain and login again in background? For appleID this can’t even be done in background as a need UI view pops up for confirmation.

I see there was some work done on OAuth, but unfortunately got quiet here. Would that help to cover this problematic (both appleID and username+password)?

I’m not sue if I understood your use-case but session expiresAt can be currently changed via REST API, using the Master Key.

1 Like