为什么我从 firebase 仪表板中删除了 firebase 用户后仍然登录 [英] Why firebase user still signed in after I deleted it from firebase dashboard

问题描述

我使用 Firebase Quickstarts for Android Auth 示例，然后我在 firebase 仪表板中创建了一个用户以使用电子邮件和密码登录用户，用户成功登录.但是当我删除用户时，它仍然登录并显示来自 (user.getEmail()) 的旧用户的电子邮件

I used Firebase Quickstarts for Android Auth sample, Then I created a user in firebase dashboard to login the user with email and password, the user logged in successfully. But when I deleted the user, it still logged in and showing the old user's email from (user.getEmail())

// [START auth_state_listener]
    mAuthListener = new FirebaseAuth.AuthStateListener() {
        @Override
        public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
            FirebaseUser user = firebaseAuth.getCurrentUser();
            if (user != null) {
                // User is signed in
                Log.d(TAG, "onAuthStateChanged:signed_in:" + user.getEmail());
            } else {
                // User is signed out
                Log.d(TAG, "onAuthStateChanged:signed_out");
            }
            // [START_EXCLUDE]
            updateUI(user);
            // [END_EXCLUDE]
        }
    };
    // [END auth_state_listener]

我的 firebase 仪表板中没有用户，AuthStateListener 表明用户已登录.

No users in my firebase dashboard and the AuthStateListener indecate that the user is signed in.

这怎么可能?

推荐答案

删除帐户不会自动使该帐户的当前会话过期.他们当前的会话将一直有效，直到到期.您可以在 Firebase 信息中心设置会话过期间隔.

Deleting an account does not automatically expire the current session(s) for that account. Their current sessions will remain valid until they expire. You can set the session expiration interval in your Firebase Dashboard.

如果您想强制用户注销，调用ref.unauth().

当用户更新他们的电子邮件、密码或重置密码时.Firebase Auth 后端会撤销他们的令牌，要求他们重新进行身份验证或尝试再次登录.这是一项安全功能.例如，如果他们的帐户被盗用，用户可能会重置他们的密码.所有其他会话都必须重新进行身份验证.

When a user updates their email, password or resets their password. Firebase Auth backend revokes their tokens requiring that they reauthenticate or try to sign in again. This is a security feature. For example a user may reset their password if their account was compromised. All other sessions must reauthenticate.

如果您将用户配置文件保存在您的数据库中，您可以检查该记录是否仍然存在于您的安全规则中:root.child('users').child(auth.uid).exists().

If you keep the user profiles in your database, you can check whether that record still exists in your security rules: root.child('users').child(auth.uid).exists().

另见:

• Firebase 身份验证在用户删除后未撤销?
• 在 firebase 中删除用户不会触发 onAuth方法

这篇关于为什么我从 firebase 仪表板中删除了 firebase 用户后仍然登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！