Per the docs, anonymous users’ refresh token is valid for 60 days. When the token expires, the anonymous user is logged out and the user on the device is invalidated.
The issue you’re seeing is likely these users that logged in 2 months ago are expiring right now and they can no longer synchronize. This is what the “Invalid Session” error is caused by and it only affects users that logged in 2 months ago (but will keep happening in a rolling 2-month window). The reason why this breaks your app though is due to this bug - instead of logging the user out on token expiration, we still return it from
app.LoginAsync(Credentials.Anonymous()). I’ll ping the team to prioritize fixing it.
The reason why deleting the app works is that this deletes the Realm that stores the user metadata - it’s unrelated to the Realm you’re interfacing with. This deletes the invalid user and you can login with a new user that will be valid for another 60 days. You can achieve the same by subscribing to the
Session.Error event and looking at the
SessionException.ErrorCode and logging out the user if the error code is BadAuthentication:
Session.Error += (s, e) =>
if (e is SessionException sessionEx && sessionEx.ErrorCode == ErrorCode.BadUserAuthentication)
// User token was expired - log them out
var session = (Session)s;
_ = session.User.LogOutAsync();
// Redirect user to main screen and reauthenticate
This is obviously not great, which is why I’ve reached out to the cloud team to see if we can remove the expiration for anonymous users’ refresh tokens. Even if we do that, your current users’ refresh tokens have an expiry date, so it might be a good idea to add the temporary workaround code that I shared above.