The client is using the previously deleted session Id. Our setup does not let clients log in directly through the Sync Gateway, we have an application server running that provides the session details to the clients when we verified their access. Part of this application server allows us to revoke access to previously granted devices, currently we remove both the User and all it’s sessions from the Sync Gateway when that happens.
The app checks in with the application server every time it starts (or when it gets an internet connection).
Some trimmed down of our client side replicator code, TokenSessionId and TokenCookieName come from the application server.
var replicatorConfig = new ReplicatorConfiguration(db, new URLEndpoint(url))
{
Authenticator = new SessionAuthenticator(TokenSessionId, TokenCookieName),
Continuous = true,
ReplicatorType = ReplicatorType.PushAndPull
};
replicator = new Replicator(replicatorConfig);
After this code we attach some listeners and call .Start() on the replicator.
At first everything looked fine, but then we noticed pushed were still going through. We have a possible workaround for our application, where some client device info is synced to all clients, so we can listen for document changes on the client and the client can see it has it’s access removed and act accordingly. This might not be the case for other users with the same problem though.
Last week I actually remembered that we had asked a similar question a while ago (Session removal keeps sync active)