Is it a good way to reset local database on logout in react native?

[rajatayyabjanjua2000]

Currently I am creating a react native app with laravel back end. Normally everything works fine but then I thought that app should also operate offline so for that I used watermelon database as a local database . So finally my app is semi offline in which login and register can't be done without internet while all other operations can also be done offline , So when ever user login all of his record pull from laravel server with synchronize method and when ever he create, update or delete without internet all of his actions will push to laravel when ever user reconnect to the internet. if user logout his database will be reset so if user logged in with different credentials then new record will be pull , But then I have multiple questions

1- what should I do if user create , update or delete any record without internet and he log out before any internet access? because if he done that all of his actions will go in vein.

2- Is it a good way to reset local database on logout ?

[KrisLau]

I only know the answer for 1 which is that nothing will happen. His local DB will have a copy of the changes and if he doesn't have internet, it will either fail to sync or just not sync (depending on how you write it). In both those cases, the lastPulledAt will not be changed so the first sync after the user is back online will just sync everything that was done while offline.

[rajatayyabjanjua2000]

I only know the answer for 1 which is that nothing will happen. His local DB will have a copy of the changes and if he doesn't have internet, it will either fail to sync or just not sync (depending on how you write it). In both those cases, the lastPulledAt will not be changed so the first sync after the user is back online will just sync everything that was done while offline.

You are right but in my scenario I reset my local database with "await database.unsafeResetDatabase()" on logout.

[KrisLau]

@rajatayyabjanjua2000 I guess what I don't understand is why you are resetting the database? Is it just because of the lastPulledAt?

What I do in my application is that when the user logs in and they are not in the local database yet, I pass true to a flag (mine is called something else but for example, isFirstLogin) which tells my sync to ignore lastPulledAt and pull all the records related to the new user. This is equivalent to sending a null lastPulledAt but I needed a seperate flag so it doesn't pull the shared tables (stuff like enum/reference tables)

[rajatayyabjanjua2000]

@rajatayyabjanjua2000 I guess what I don't understand is why you are resetting the database? Is it just because of the lastPulledAt?

What I do in my application is that when the user logs in and they are not in the local database yet, I pass true to a flag (mine is called something else but for example, isFirstLogin) which tells my sync to ignore lastPulledAt and pull all the records related to the new user. This is equivalent to sending a null lastPulledAt but I needed a seperate flag so it doesn't pull the shared tables (stuff like enum/reference tables)

I am resetting my database because if I didn't then how could I sign in with different credential. e.g if user tried to logged in with "User 1 " in my app , all of his data will pull from server and save in local database and when he logged out from app and user logged in with "User 2" in same device then his data will also pull from server. So my question is that is it safe to store multiple user data in my local storage at one time?

[KrisLau]

What do you mean by safe? Like data security if they could steal other users' data? My login is through Firebase so I'm not sure what you are storing and if it is safe to store. For Firebase, I don't have to store any sensitive user information like passwords since firebase stores that. Also generally all my local storage data is non sensitive.

This might help answer your security concerns: https://github.com/Nozbe/WatermelonDB/issues/51

[rajatayyabjanjua2000]

What do you mean by safe? Like data security if they could steal other users' data? My login is through Firebase so I'm not sure what you are storing and if it is safe to store. For Firebase, I don't have to store any sensitive user information like passwords since firebase stores that. Also generally all my local storage data is non sensitive.

This might help answer your security concerns: #51

[rajatayyabjanjua2000]

sa

What do you mean by safe? Like data security if they could steal other users' data? My login is through Firebase so I'm not sure what you are storing and if it is safe to store. For Firebase, I don't have to store any sensitive user information like passwords since firebase stores that. Also generally all my local storage data is non sensitive. This might help answer your security concerns: #51

Safe mean saving data of multiple user's data in same device

[KrisLau]

@rajatayyabjanjua2000 I understood that part but why would multiple user data on one device pose a problem for you? What kind of data is it? Like passwords? If it is sensitive data, it doesn't matter if it's one or multiple users' data as it is not safe to store any unencrypted sensitive data from my understanding

[hamzaawais96]

@rajatayyabjanjua2000 I guess what I don't understand is why you are resetting the database? Is it just because of the lastPulledAt? What I do in my application is that when the user logs in and they are not in the local database yet, I pass true to a flag (mine is called something else but for example, isFirstLogin) which tells my sync to ignore lastPulledAt and pull all the records related to the new user. This is equivalent to sending a null lastPulledAt but I needed a seperate flag so it doesn't pull the shared tables (stuff like enum/reference tables)

I am resetting my database because if I didn't then how could I sign in with different credential. e.g if user tried to logged in with "User 1 " in my app , all of his data will pull from server and save in local database and when he logged out from app and user logged in with "User 2" in same device then his data will also pull from server. So my question is that is it safe to store multiple user data in my local storage at one time?

You can create multiple databases. Each database would be for a single user.

[mayzan-nilarthein]

For Q.2 ) In my case, I stored the data alongside the 'user_id' and retrieved data from the table using the user_id. This can resolve the issue.

[killerchip]

When you sync you have to take into account the 'userId' or something that identifies the rows of a user.

But when a user logs out, leaving his data on the device, I would not say is the best security practice. I understand that in some cases this might not be a security issue, but in most of the cases, it can be.

I prefer also the option of unsafeResetDatabase