Session removal keeps sync active


#1

We currently are developing an application where users can be enabled/disabled/removed throughout the lifecycle of the application, this is done using a web application. Creation of users is also handled by this web application, the backend ensure a new user is created on the Sync Gateway, so the users can login and sync data on a desktop application and a mobile application.
When we disable (or delete) a user, the backend also disables the user login of the corresponding user account on the sync gateway (or deletes the user account), as well as clearing all sessions that currently are active.

We noticed however, that when there’s an active connection to the Sync Gateway from Couchbase Lite, the removal of the sessions is not taken in account. In our understanding this active connection should also be cut-off and not continue to function, as the user does not have access anymore.
Is there any way around this on the CouchbaseLite/Sync Gateway side, or do we need to implement application side logic that checks if the user is still active to disconnect the active connection?

we’re using the following architecture:
Sync gateway v2.0.0
Couchbase Lite v2.0.x (latest)


#2

This might be the same issue as: https://github.com/couchbase/sync_gateway/issues/1619


#3

Deleting the user will end an active replication (the user context is regularly reloaded during replication).

Deleting a session will not end a 2.0 replication, though, as the session is only validated during the initial session setup. https://github.com/couchbase/sync_gateway/issues/3727 has been filed to evaluate a possible enhancement.