My app is currently receiving push notifications that are associated with the previous application user account when this type of situation occurs:
- Player installs app and registers as “bob”
- bob’s device token registered with web service
- Player reinstalls app and registers as “phil” (on same device)
- phil’s device token registered with web service
Even though the player is now logged in as “phil” they will continue to receive push notifications for the account associated with “bob” as well as “phil”.
If I was using UDID I could ensure that only one device token is registered per device and therefore remove the UDID and device token from the player’s old web service account, “bob”, thus ensuring only one active account per device. This would happen when the player registers as “phil” and the web server could see that the player has registered a new account with the same UDID and then remove the UDID and device token from any old accounts with that UDID (i.e. the “bob” account). No more push notifications would be sent to the bob account until someone logs into that account again (on the same device, or a new one).
However, this won’t work very well when using CFUDIDCreate since it is likely to change between installs.
How do I ensure that push notifications are only received for the currently logged in user? Or, to put it another way, how do I ensure that my web server stores only one device token per device?
You could make the APNS token the key server-side instead of a device-specific identifier. When reinstalling the app, you would replace the existing (APNS token, “bob”) record with (APNS token, “phil”), thus removing the link between the token and bob’s account when reinstalling the app.
As far as I know the APNS token does not change between reinstalls of an app, so this should work. (If it did change between reinstalls in a future version of iOS, this would not be a problem because the old token would not be valid anymore, so the device would not get notifications sent to bob).
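A sketch of the token-keyed storage described in this answer, as an added example that is not part of the original post. The table name, function names and token strings are constructed for illustration, and an in-memory SQLite database stands in for the web service's own store.

```python
import sqlite3


def open_store():
    """Create the token table. SQLite in memory is an assumption for this sketch."""
    db = sqlite3.connect(":memory:")
    # The APNS token is the primary key, so one token can belong to one account only.
    db.execute(
        "CREATE TABLE push_tokens ("
        " apns_token TEXT PRIMARY KEY,"
        " account TEXT NOT NULL)"
    )
    return db


def register_token(db, apns_token, account):
    """Bind the token to the account that just registered, replacing any earlier owner."""
    db.execute(
        "INSERT OR REPLACE INTO push_tokens (apns_token, account) VALUES (?, ?)",
        (apns_token, account),
    )
    db.commit()


def tokens_for(db, account):
    """Tokens the server may push to when a notification is addressed to this account."""
    rows = db.execute(
        "SELECT apns_token FROM push_tokens WHERE account = ? ORDER BY apns_token",
        (account,),
    )
    return [row[0] for row in rows]


def owner_of(db, apns_token):
    """Account currently bound to a token, or None if the token is unknown."""
    row = db.execute(
        "SELECT account FROM push_tokens WHERE apns_token = ?", (apns_token,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_store()
    register_token(db, "token-device-A", "bob")   # constructed sample tokens
    register_token(db, "token-device-B", "bob")   # bob also uses a second device
    register_token(db, "token-device-A", "phil")  # reinstall on device A, new account
    print("bob ->", tokens_for(db, "bob"))
    print("phil ->", tokens_for(db, "phil"))
```

Because the uniqueness constraint sits on the token rather than on the account, bob keeps receiving notifications on his other device while device A only receives phil's.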