[w3c/push-api] Push notifications for logged In user (#297)

Talking about push subscriptions, I understand that they are **per device**, not **per user**.
What if I want to push a private notification to a logged in user, but I don't know if the user is still logged on the device where he once generated the subscription?

Take this use case:
- A user logs into my website
- I (the website) prompt him if he wants to receive personal push notifications (let's say I could send him a push when another user sends him a private message)
- I get the subscription and save it on my db for that specific user.
- If another user sends him a private message, I show the notification to the user.

Everything works like a charm but after some time the user logs out, and another user logs in to the same website from the same exact device (the first user girlfriend, let's say).
Now, if someone sends a private message to the first user, his girlfriend will see the notification (because she's on the same device, and the permission is of course per-device and does not take into account any "login" logic).

How could that edge case be handled? I wouldn't like to track user login sessions in my backend, also because the user could log in at the same time on multiple devices and I also wouldn't like to pair each subscription to a specific device.

Is it a use case considered by the push-api, or is the api suitable to send only "generic" notifications to all the users who gave their consent to display notifications?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/issues/297

Received on Monday, 18 June 2018 16:00:01 UTC