根据 Firebase Google Group 的说法，这是 Firebase 的一个已知错误:

According to the Firebase Google Group, this is a known bug with Firebase:

这是我们这边的一个已知错误.正如您所指出的，删除用户后，现有的身份验证令牌仍然有效，可用于读写到您的 Firebase 数据库.安全规则仍然对这些强制执行令牌，该用户仍然只能访问他们自己的Firebase 数据(如果您的规则是这样设置的).那些认证令牌将一直有效，直到它们到期.目前没有解决方法尽管我们将在未来的版本中修复此错误.

This is a known bug on our end. As you noted, after deleting a user, existing auth tokens are still valid and can be used to read and write to your Firebase database. Security Rules are still enforced on these tokens and that user will still only be able to access their own Firebase data (if your rules are set up as such). Those auth tokens will be valid until they expire. There is currently no workaround for this bug although we are going to be fixing this in a future release.

https://groups.google.com/d/msg/firebase-talk/Yr_wn02q0bk/eTM9hop3paoJ

我唯一能想到的就是检查您是否可以读取到您的用户区，如果那里什么都没有，请强制退出.

The only thing I can think to do is check whether you can read to your users area, and if there's nothing there, force a log out.