User session best practices

This page is written to help clients understand the best practices with long-lived user sessions with our Validic SDK and why ending a user session is designed to be a destructive operation.

To start with Validic recommends that the user session should be long-lived and shouldn’t be tied directly to the user action of logging out of the client’s mobile app. Any time there is an intention that the user can start using the app again with the devices and readings they have, the session must be maintained to keep the needed information available.

There are several reasons for this but most importantly we remove all session data at the session end because the session contains the information we need to identify which Validic user any retrieved records belong to. Without knowing the Validic user, we do not know who the records belong to and we cannot do any server-side processing of the data we receive via the mobile SDK.

Certain BLE devices do not pair with the mobile operating system. For those devices, we store additional info in the session to help us communicate with the devices when they’re in range. Whether the device pairs with the operating system is outside of the control of our SDK, unfortunately, so the differing behavior they see is annoying but necessary for us to properly communicate with the different vendors and device models we support.

In addition to the BLE and data payload aspect, aggregator data permissions and subscriptions are also stored inside the user session. If the session ended prematurely, then users would have to re-grant the data permissions that would all have been removed when the session ended. This means they wouldn’t have continuity of data syncing and clients would potentially have frustrated and/or confused users.

This means that ending the session does not always tie directly to the action of the user logging out of the mobile app. The session should only end when the intent is to remove all user settings from the SDK and no longer recognize and listen for previously paired devices. As such, the Validic Mobile SDK session does not necessarily align with the host app’s user session.

Android Native session documentation: https://helpdocs.validic.com/docs/android-native-sdk#session

iOS Native session documentation: https://helpdocs.validic.com/docs/ios-native-sdk#manage-a-session

Cordova wrapper session documentation: https://helpdocs.validic.com/docs/cordova-framework-wrapper#session

React wrapper session documentation: https://helpdocs.validic.com/docs/react-native-framework-wrapper#session

Xamarin Android Wrapper session documentation: https://helpdocs.validic.com/docs/xamarin-android-framework-wrapper#session

Xamarin iOS Wrapper session documentation: https://helpdocs.validic.com/docs/xamarin-ios-framework-wrapper#session