How to clear persist stores at logout?

[Disane87]

Hi,

I use your stores to communicate with my rtdb of firebase. Now since my application has many users, the chance somebody shares a computer with another user is relativly high.

For caching I've persisted the stores like akita stated: https://datorama.github.io/akita/docs/enhancers/persist-state

On logout I want to clear all the stores with clearStores: https://datorama.github.io/akita/docs/enhancers/persist-state/#clearstore

    this.auth.signOut().then(() => {
      this.router.navigate(['auth/login']);
      this.persistStorage.clearStore();
    });

Actually this clearStore doesn't clear the store for that user:

What would be the best approach to clear all the stores?

[fritzschoff]

Hey, welcome back. I would reckon to use the clearNode() function. Let me know if that is what you looking for, if not I can implement something tomorrow afternoon CET.

[Disane87]

I suppose clearNode wouldn't be enough since I have to subscribe to my authService in every store I'll write. Preferably the clearStorage approach of akita will be a good way to got for me.

[fritzschoff]

Right, you would also need to clear the storage. And Akita ng fire doesn't "care" about if you using the persist state or not, since it is just a bridge between firestore and your Akita Store. But I will double check that tomorrow.

[Disane87]

And Akita ng fire doesn't "care" about if you using the persist state or not, since it is just a bridge between firestore and your Akita Store

indeed, it seem so :D Thank you in advance Max!

[fritzschoff]

So I could implement the clearStore() in the clearNode function and could toggle with a boolean parameter if the dev want to call it. But it seems that this is not really the scope of this library. Let me know if I missed something here. For now I will close this issue.

[Disane87]

Thank you! I imagine that in your library you listen for when I want to clear all stores via PersistState.clearStores. But I don't know if Akita provides an observable or something like that.

I just want to avoid that I have to do the clearing of the stores individually over all stores, in which I subscribe to the logout.

[fritzschoff]

We don't really want to listen to that, cause I think the single source of truth is the database. And sometimes you want to clear your store of optional values. So if you get new data from the database the optional values don't persist. Akita is design to not purge key value pairs if the updated object doesn't hold them. There was an issue that someone said, that if we would remove a key in his firestore, that it would persist in the akita store and that was an issue for him. This is why the ressetable boolean exist in the collection service decorator. But I'm happy to discuss that in terms of a real time database.

[Disane87]

We don't really want to listen to that, cause I think the single source of truth is the database

Okay that explains it very well to me. Seems like your clearNode in every service, executed on logout, would be reasonable but very much boilerplate.

But there are downsides with the current approach: Indeed, the database is the one and only single truth but on a device with multiple users (the possiblity is given even if actually many users have their own account on the device) this could lead to some problems regarding the data security. In my application the security aspect could be ignored, since it's only a game/gamification application but the chances are high this could be a problem. Or it isn't really a problem at all and in my imagination this is only a problem.

But if I do not persist the data I'm worried about the usage/traffic of firebase.

[fritzschoff]

the possiblity is given even if actually many users have their own account on the device

But isn't that in your responsibility as a developer to handle that, since you know most likely where this app is going to be used? This shouldn't sound like an accusation, I'm open thinking/questioning here.

But if I do not persist the data I'm worried about the usage/traffic of firebase.

I will create an issue about caching, this wasn't the in our focus for a long time.

[Disane87]

the possiblity is given even if actually many users have their own account on the device

But isn't that in your responsibility as a developer to handle that, since you know most likely where this app is going to be used? This shouldn't sound like an accusation, I'm open thinking/questioning here.

I didn't take it as an accusation either, don't worry. It is yes, since you can't predict anything at your point. But IMHO a developer convinient ability to clear all rtdb store would be prefered without forcing the dev to repeat the same code over and over, like in my example injecting the authService, listen to logout$ and after that clearNode.

My point is not the security at all, I guess I've lost my mind in genereous use cases you can't handle in a generic lib. My point is only the ability to enforce a clear of the store like I would clear the akita stores.

But if I do not persist the data I'm worried about the usage/traffic of firebase.

I will create an issue about caching, this wasn't the in our focus for a long time.

Thank you! 👍