braintree / braintree-android-drop-in

Braintree Drop-In SDK for Android
https://developers.braintreepayments.com/guides/drop-in/android/v2
MIT License

Drop in probably stores payment data #450

Closed caesar84mx closed 8 months ago

caesar84mx commented 8 months ago

Braintree SDK Version

6.9.0

Environment

Both

Android Version & Device

No response

Braintree dependencies

com.braintreepayments.api:drop-in

Describe the bug

Drop-in probably stores the user's payment data and uses it for future payments, which creates the following problem in the consumer apps: the user logs in, makes a payment, logs out, logs in under different creds, and when he opens the drop-in, the previous user's payment data appears. In our case the Braintree token is received from the backend and it is proved that the token is different for different users.

To reproduce

Consumer app: an app with drop-in payments. User A: one random user. User B: another random user.

  1. Have a consumer app.
  2. Log in with user A account
  3. Get a user's braintree token
  4. Using the bt-token from step 3 make a payment using bt drop-in registering a new card information
  5. Log out from the user A session
  6. Repeat steps 2 to 4 for user B
  7. See the latest payment information used by user A

Expected behavior

User's payment information is cleared after performing the payment.

Screenshots

No response

sshropshire commented 8 months ago

@caesar84mx thanks for using the Braintree SDK for Android. Can you provide a screenshot / video of the observed behavior to help us find the root cause of the issue?

caesar84mx commented 8 months ago

Found and fixed the issue. The problem was that I was creating and calling the client in the same activity as the rest of the app, saving this way, once and forever (until the complete app restart), the same instance of the client with the same Braintree token. That's why just relogging in within the same activity didn't work for me and I was using the same client with the same token for a different user. Moving the call to a separate activity (e.g., DropInPaymentActivity), which implements DropInListener, solved the problem. Thus, a new client's instance is being created with the updated bt token.
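A sketch of the fix described in the last comment, added here as an illustration; it is not code from the commenter or from the Braintree project. The activity layout, the intent extra names and the `intent()` helper are assumptions; the Drop-in calls are the v6 `DropInClient`, `DropInListener`, `DropInRequest` and `DropInResult` classes.

```kotlin
import android.content.Context
import android.content.Intent
import android.os.Bundle
import androidx.appcompat.app.AppCompatActivity
import com.braintreepayments.api.DropInClient
import com.braintreepayments.api.DropInListener
import com.braintreepayments.api.DropInRequest
import com.braintreepayments.api.DropInResult

// Hypothetical activity, started once per checkout and declared with
// android:exported="false", so no DropInClient outlives a user session.
class DropInPaymentActivity : AppCompatActivity(), DropInListener {
    private lateinit var dropInClient: DropInClient

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        val token = intent.getStringExtra(EXTRA_CLIENT_TOKEN)
        if (token.isNullOrBlank()) {          // refuse to run without a fresh token
            setResult(RESULT_CANCELED)
            finish()
            return
        }
        // A new client on every launch, bound to the token the backend issued
        // for the user who is logged in right now.
        dropInClient = DropInClient(this, token)
        dropInClient.setListener(this)
        if (savedInstanceState == null) {     // do not relaunch after rotation
            dropInClient.launchDropIn(DropInRequest())
        }
    }

    override fun onDropInSuccess(dropInResult: DropInResult) {
        val nonce = dropInResult.paymentMethodNonce?.string
        setResult(RESULT_OK, Intent().putExtra(EXTRA_NONCE, nonce))
        finish()                              // client is discarded with the activity
    }

    override fun onDropInFailure(error: Exception) {
        setResult(RESULT_CANCELED)
        finish()
    }

    companion object {
        const val EXTRA_CLIENT_TOKEN = "client_token"          // assumed extra name
        const val EXTRA_NONCE = "payment_method_nonce"         // assumed extra name

        // Caller fetches a token for the current user, then starts this activity.
        fun intent(context: Context, clientToken: String): Intent =
            Intent(context, DropInPaymentActivity::class.java)
                .putExtra(EXTRA_CLIENT_TOKEN, clientToken)
    }
}
```

The caller requests a client token from the backend after each login and passes it through `DropInPaymentActivity.intent(...)`, so a token belonging to a logged-out user is never reused.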