Session lost when more than one client connects

[markuswinkler]

I ran into a very strange problem.
Everything works fine until I connect with a second device (different user) to the server via facebook login.
The moment I login with the second device the first session somehow gets lost internally.

I wrote a short cloud function for testing:

Parse.Cloud.define("ping", function(request, response) {
    response.success("PONG. request: "+JSON.stringify(request));
});

The response is the full user:
(PONG. request: {"params":{},"master":false,"user":{ <FULL USER DATA>},"installationId":"eb4c6ae0-b187-482f-b43e-4db7186c0366"})

The moment I login in with the second device the response becomes:
(PONG. request: {"params":{},"master":false,"installationId":"eb4c6ae0-b187-482f-b43e-4db7186c0366"})

Of course from this point on nothing works anymore for the first user.
I am not using any Parse.Cloud.useMasterKey() calls anywhere.

Any idea what can cause this?

[drew-gross]

Can you include some more details about what is happening? This code alone isn't enough to debug the issue. The easiest way to debug would be if you provided the cloud code and a series of REST API calls or JS SDK calls that reliably reproduce the issue.

[markuswinkler]

Hmm, interesting.
I tried to replicate the behavior with cURL calls, but with cURL I always get the empty response.

curl -X POST \
  -H "X-Parse-Application-Id: XXXXXXX" \
  -H "X-Parse-Session-Token: r:YYYYY" \
  -H "Content-Type: application/json" \
  http://localhost:1337/parse/functions/ping

and

curl -X POST \
  -H "X-Parse-Application-Id: XXXXXXX" \
  -H "X-Parse-Master-Key: ZZZZZZZ" \
  -H "Content-Type: application/json" \
  http://localhost:1337/parse/functions/ping

and

curl -X POST \
  -H "X-Parse-Application-Id: XXXXXXX" \
  -H "Content-Type: application/json" \
  http://localhost:1337/parse/functions/ping

always results in
{"result":"PONG. request: {\"params\":{},\"master\":false}"}

[drew-gross]

It sounds like there is some other issue in your server code or client code or your curls. At the very least the "master" parameter should change when you use the Master Key.

[markuswinkler]

Never mind. I am an idiot. I found some additional legacy code that manipulated the sessions table after login to prevent a client to be logged in from more than one device at the same time (which worked great on parse.com).

Once I removed that everything worked fine, seems I need to rework that logic.

[drew-gross]

If it worked on Parse.com it could potentially be a real bug in Parse Server. If you find a reliable and repeatable difference that isn't one of documented ones like Parse.Cloud.useMasterKey() and Parse.User.current() please open a new issue

[markuswinkler]

Would totally do, love to help, in this case it was purely my fault again, already found it.
I did a search and replace for find/destroy calls to add useMasterKey during the migration.
Turns out I forgot that I intentionally did not use masterKey in the code in question to find only sessions that belong to the user himself (and destroy any older ones).

The new function call found and destroyed ALL other sessions with masterkey enabled, not just the one belonging to the user, explains perfectly why the calls for the first device failed once the second logged in.
If anything then it's a testament that the sessions work exactly as intended. :)

[Bragegs]

@markuswinkler Would you mind sharing your code or hints to how you did this? I am trying to implement the same thing(Only one session per user). I suppose you delete all other sessions that has the same user pointer, but has different session object id or different installation id? Can I fetch the current user session in cloud code, or do I have to call it client-side and insert it as a parameter to the cloud code?