Session Persistence
RideEase ensures a seamless user experience by persisting user sessions across app restarts. The system utilizes a hybrid approach, combining Firebase Authentication for identity management and SharedPreferences for local application state tracking.
Overview
Session persistence is handled primarily during the application startup within the SplashActivity. The app verifies two conditions before granting access to the main dashboard:
- Authentication State: Is there a valid Firebase user session?
- Profile State: Has the authenticated user completed their profile details (Full Name, Phone Number, etc.)?
Persistence Strategy
The application uses the RideEasePrefs SharedPreferences file to store lightweight session flags.
| Key | Type | Description |
| :--- | :--- | :--- |
| isLoggedIn | Boolean | Global flag indicating if a user is currently signed in. |
| userId | String | The unique Firebase UID of the current user. |
| detailsSubmitted_{userId} | Boolean | Tracks if a specific user has completed the onboarding process. |
Accessing SharedPreferences
To interact with the session state manually, use the private preference mode:
SharedPreferences libraryPrefs = context.getSharedPreferences("RideEasePrefs", Context.MODE_PRIVATE);
boolean isLoggedIn = libraryPrefs.getBoolean("isLoggedIn", false);
Session Validation Flow
When the app launches, the SplashActivity uses an AuthStateListener to ensure Firebase is fully initialized before making navigation decisions.
1. Verification Logic
The system checks for inconsistencies between the local state and the Firebase server state. If isLoggedIn is true but no Firebase user is found, the session is invalidated.
// Example logic used in SplashActivity
FirebaseUser user = firebaseAuth.getCurrentUser();
boolean isLoggedIn = prefs.getBoolean("isLoggedIn", false);
if (isLoggedIn && user == null) {
// Handle inconsistent state
prefs.edit().putBoolean("isLoggedIn", false).apply();
isLoggedIn = false;
}
2. Profile Completeness Check
Even if a user is authenticated, they may be redirected to the UserDetailsActivity if their profile is incomplete. This is handled via AuthUtils.checkUserDetails.
AuthUtils.checkUserDetails(user.getUid(), new AuthUtils.UserDetailsCallback() {
@Override
public void onComplete(boolean hasDetails, String userId) {
if (hasDetails) {
// Navigate to MainActivity
} else {
// Navigate to UserDetailsActivity to complete profile
}
}
@Override
public void onError(String error) {
// Fallback or retry logic
}
});
Managing Sessions
Starting a Session
Sessions are initiated automatically in LoginActivity and SignupActivity upon a successful Auth result.
// Logic inside Login/Signup observers
prefs.edit()
.putBoolean("isLoggedIn", true)
.putString("userId", authResult.getUserId())
.apply();
Updating Profile State
When a user completes their profile in UserDetailsActivity, a user-specific flag is set to prevent future redirections to the onboarding screen.
prefs.edit()
.putBoolean("detailsSubmitted_" + userId, true)
.apply();
Ending a Session (Logout)
To properly log a user out and clear all persisted states, use the AuthUtils.clearLoginState helper. This ensures that both global flags and user-specific details are wiped from the local device.
// Usage: AuthUtils.clearLoginState(context);
public static void clearLoginState(Context context) {
SharedPreferences prefs = context.getSharedPreferences("RideEasePrefs", Context.MODE_PRIVATE);
String userId = prefs.getString("userId", null);
SharedPreferences.Editor editor = prefs.edit();
editor.putBoolean("isLoggedIn", false)
.putString("userId", null);
if (userId != null) {
editor.remove("detailsSubmitted_" + userId)
.remove("userType_" + userId);
}
editor.apply();
}
Security Best Practices
- Token Management: RideEase relies on Firebase Auth's internal token refreshing mechanism. No sensitive passwords or auth tokens are stored manually in
SharedPreferences. - State Synchronization: Always verify the
FirebaseUserobject fromFirebaseAuth.getInstance().getCurrentUser()as the primary source of truth before performing privileged operations.