6
votes

I've got a question about how Firebase email verification works.

Case:

  1. My user signed in to my site (using device A).
  2. They create another account using another browser or device (device B), but they open the email verification link in the browser and on the device where they are already signed in (which is device A).

What happens to the already signed-in user (on device A)? Does Firebase sign them out, or just verify the new email while staying signed in as the current user?

1 Answer

10
votes

The email verification occurs out of band and would not affect any existing Firebase states until it is reloaded. If a user verifies their email, you have to call `firebase.auth().currentUser.reload()` to update the `emailVerified` property. If you are using Firebase rules with the `emailVerified` field, you need to force a token refresh (`firebase.auth().currentUser.getToken(true)`) after verification. You can use the Firebase Realtime Database to set some flag on email verification and detect it in the existing session to force a user to reload. This would require you to build your own custom email verification handler: https://firebase.google.com/docs/auth/custom-email-handler
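
The stale-state behaviour described in the answer, as an added example that is not part of the original answer and not Firebase's own code. `makeFakeSession`, `syncVerification` and `demo` are hypothetical names, and the session object is a constructed in-memory stand-in that only mirrors the `reload()` and `getToken(true)` calls named above.

```javascript
// Constructed stand-in for one signed-in Firebase user. It is NOT the SDK;
// serverRecord plays the role of the account record held by the backend.
function makeFakeSession(serverRecord) {
  return {
    uid: serverRecord.uid,
    emailVerified: serverRecord.emailVerified,               // cached client copy
    _claims: { email_verified: serverRecord.emailVerified }, // cached ID token
    reload() {                          // re-read the account record
      this.emailVerified = serverRecord.emailVerified;
      return Promise.resolve();
    },
    getToken(forceRefresh) {            // named getIdToken in newer SDK releases
      if (forceRefresh) {
        this._claims = { email_verified: serverRecord.emailVerified };
      }
      return Promise.resolve(this._claims);
    },
  };
}

// Bring an existing session up to date after an out-of-band verification.
// Returns what client code and what token-based rules will see afterwards.
async function syncVerification(user) {
  const before = user.emailVerified;
  await user.reload();
  // Rules that read the token keep seeing the old claim until a forced
  // refresh, so mint a new token only when the flag actually flipped.
  const claims = await user.getToken(user.emailVerified !== before);
  return { uid: user.uid, emailVerified: user.emailVerified,
           tokenVerified: claims.email_verified };
}

// Constructed scenario from the question: A is signed in on device A, B was
// created on device B, and B's verification link is handled out of band.
async function demo() {
  const serverA = { uid: 'user-A', emailVerified: true };
  const serverB = { uid: 'user-B', emailVerified: false };
  const sessionA = makeFakeSession(serverA);
  const sessionB = makeFakeSession(serverB);
  serverB.emailVerified = true;         // the link has been opened elsewhere
  const staleB = { emailVerified: sessionB.emailVerified,
                   tokenVerified: (await sessionB.getToken(false)).email_verified };
  return { a: await syncVerification(sessionA), staleB,
           b: await syncVerification(sessionB) };
}
```

Until `syncVerification` runs, device B still reports the account as unverified in both the cached property and the token claim, which is the window in which rules keyed on `emailVerified` would still reject the user.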