Issues with deleted user login

This seems to be a major security issue with your database. I deleted a lot of users who are on both Android and iOS. What I found out is that even after deletion of users from the database, the users who are logged in continue to use the app and even update the app from the Play Store without any issue, meaning deletion of users from the database is not reflecting the changes on to the app stores, which is a big flaw in your design. I have 300+ users still using the app who are no longer in the database. Please fix this ASAP as it's a big flaw. I have no way to control these users who are no longer in the database but use the app fine. On top of that, your analytic feature does not work.

I would log a bug with Adalo (I’m just another customer). Try adding a Property to the User collection to show the User is deactivated (maybe call it “Deactivated” but could be done differently depending on your use case). This could be True/False or some other type. Mark the users as True for Deactivated and then update your app actions to only allow login (or other actions) if Deactivated is FALSE. Something like that would work even with Users with an account in the database. In my view, deleting users is usually not desirable so you have a record of who’s been doing stuff. But it’s your app. Hope that helps, but if you don’t have a record of the 300+ users, this may not help. You could upload their info as new users and apply this approach (if Adalo allows you - sounds like it may still have a record of Users even if you can’t see them). It might not apply to old “deleted” users though - depends how Adalo implements Users and handles deletions. Just guessing. Good luck.

Opened a case with Adalo and they say they know the bug. I can't believe that a company has such a major security bug and says they don't have a timeline for when it will be fixed. Now I am sitting and waiting for a bug to be fixed while 300+ users are using the app for free. Adalo should not be released to customers without fixing the session token issue; imagine anyone building a finance application. This is really bad design from Adalo.

2 Likes
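
An added illustration, not part of the thread and not Adalo's code: a toy in-memory backend showing why a session token issued before deletion keeps working when authorization looks only at the token, and how a per-request user lookup plus the "Deactivated" flag suggested above closes that gap. All names (`Backend`, `authorize_checked`, the sample users) are hypothetical.

```python
import secrets

class Backend:
    """Toy in-memory backend, constructed for illustration only."""
    def __init__(self):
        self.users = {}     # user_id -> {"deactivated": bool}
        self.sessions = {}  # session token -> user_id

    def login(self, user_id):
        user = self.users.get(user_id)
        if user is None or user["deactivated"]:
            return None     # deleted or deactivated users cannot log in
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user_id
        return token

    def authorize_token_only(self, token):
        # Trusts the token alone: matches the symptom reported in the thread.
        return token in self.sessions

    def authorize_checked(self, token):
        # Re-check the user record on every request, not only at login.
        user = self.users.get(self.sessions.get(token))
        if user is None or user["deactivated"]:
            self.sessions.pop(token, None)  # drop the stale token
            return False
        return True

    def delete_user(self, user_id, revoke=True):
        self.users.pop(user_id, None)
        if revoke:  # deleting the row should also end the user's sessions
            stale = [t for t, u in self.sessions.items() if u == user_id]
            for t in stale:
                del self.sessions[t]

def demo():
    b = Backend()
    for uid in ("u1", "u2", "u3"):  # constructed sample users
        b.users[uid] = {"deactivated": False}
    t1, t2, t3 = b.login("u1"), b.login("u2"), b.login("u3")
    b.delete_user("u1", revoke=False)    # row removed, token left behind
    b.users["u2"]["deactivated"] = True  # soft-delete via the flag
    b.delete_user("u3")                  # row removed and sessions revoked
    return {
        "deleted_token_only": b.authorize_token_only(t1),
        "deleted_checked": b.authorize_checked(t1),
        "deactivated_checked": b.authorize_checked(t2),
        "deactivated_relogin": b.login("u2"),
        "revoked_token_only": b.authorize_token_only(t3),
    }
```
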