Incorrect User Details Returned After Logout and System Time Change

Message:

In our React Native application, we are using Auth0 for user signup and login. We observed the following issue:

  1. User X logs in using email and password.
  2. User X logs out.
  3. After logout, the device’s system time is manually changed.
  4. Then, user Y logs in using different credentials.

Despite user Y successfully logging in, the application still returns user X’s profile details instead of user Y’s.

This issue appears to be related to device time manipulation affecting session or token caching. Please advise on how to prevent this and ensure accurate user data is returned after each login.

Raise this support ticket to Auth0

Hi @exchanga,

This issue could be caused by incomplete session clearing, where User X’s tokens are not properly removed from the device’s storage upon logout. When the device time is altered, the old, cached token may appear valid, causing the application to fetch the wrong user’s data.

To fix this, try explicitly clearing all locally stored session data during the logout process using the clearSession method from the react-native-auth0 library.

Have a good one,
Vlad
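
An added example, not part of the posts above and not Auth0's own code: one way to make logout purge all local state and to tie any cached profile to the `sub` of the current ID token, so a leftover entry for user X is never shown to user Y whatever the device clock says. It assumes `auth0` is a react-native-auth0 client passed in by the caller, `cache` is a hypothetical app-level `Map` holding the profile shown in the UI, and a global `atob` is available in the runtime.

```javascript
// `auth0`: injected react-native-auth0 client (new Auth0({ domain, clientId })).
// `cache`: hypothetical app-level Map holding the profile shown in the UI.

// Read the `sub` claim from the ID token returned at login. No signature
// check is done here; the value only labels the cache entry.
function subjectOf(idToken) {
  const b64 = idToken.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(b64)).sub;
}

// Remove every local trace of the signed-in user. Local cleanup runs even if
// the browser-side clearSession() fails or is cancelled by the user.
async function logout(auth0, cache) {
  try {
    await auth0.webAuth.clearSession();
  } finally {
    await auth0.credentialsManager.clearCredentials();
    cache.clear();
  }
}

// Sign in, then bind the cached profile to the subject of the new ID token.
async function login(auth0, cache) {
  await auth0.credentialsManager.clearCredentials(); // drop leftovers first
  cache.clear();
  const credentials = await auth0.webAuth.authorize({ scope: 'openid profile email' });
  await auth0.credentialsManager.saveCredentials(credentials);
  const profile = await auth0.auth.userInfo({ token: credentials.accessToken });
  cache.set('session', { sub: subjectOf(credentials.idToken), profile });
  return credentials;
}

// Return the cached profile only when it belongs to the current token's
// subject. No expiry comparison is made, so the device clock plays no part.
function currentProfile(cache, credentials) {
  const entry = cache.get('session');
  if (!entry || !credentials || entry.sub !== subjectOf(credentials.idToken)) {
    return null;
  }
  return entry.profile;
}
```

A `null` from `currentProfile` means the cache does not match the signed-in user and the profile should be fetched again.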