One user one session only?

[mchun]

I have just updated parse-server to the latest (2.7.4) from 2.3.x and noticed a different behaviour about session. When a user login in multiple devices, instead of creating multiple session objects, session object is being overwritten, and so the user is kicked out in other devices. When is this change introduced and can I revert back to the previous one, where multiple session for the same user is allowed?

[mchun]

The old session is not overwritten but deleted instead, as I find the new session objectId is different.

[flovilmart]

Sessions should not be deleted as long as a different installation ID is provided. Can you provide the logs on the server please when running with VERBOSE=1

[flovilmart]

Also, 2.3.x is a year old, you should probably stick to more frequent updates.

[mchun]

I do not touch any session object by myself and am doubt if the new parse-server does that somewhere. I have just downgraded back to 2.3.8 and the problem is gone now.

[flovilmart]

Can you provide the logs when running with VERBOSE=1 please?

[mchun]

login from chrome:

^[[32minfo^[[39m: Ran cloud function logInForWeb for user undefined with:
Input: {"codeEntry":"5555","phoneNumber":"55555555"}
Result: {
"username": "55555555",
"name": "555",
"createdAt": "2017-04-19T12:51:47.810Z",
"updatedAt": "2017-10-17T12:37:43.882Z",
"ACL": {
"*": {
"read": true
},
"zsma1GqOIW": {
"read": true,
"write": true
}
},
"sessionToken": "r:239ebe9dd9be1a0199e0e19a941aaf6c",
"objectId": "zsma1GqOIW",
"__type": "Object",
"className": "_User"
}functionName=logInForWeb, codeEntry=5555, phoneNumber=55555555, user=undefined

then login the same user from firefox:

^[[32minfo^[[39m: Ran cloud function logInForWeb for user undefined with:
Input: {"codeEntry":"5555","phoneNumber":"55555555"}
Result: {
"username": "55555555",
"name": "555",
"createdAt": "2017-04-19T12:51:47.810Z",
"updatedAt": "2017-10-17T12:37:43.882Z",
"ACL": {
"*": {
"read": true
},
"zsma1GqOIW": {
"read": true,
"write": true
}
},
"sessionToken": "r:0e8129481bd2577af521575545972509",
"objectId": "zsma1GqOIW",
"__type": "Object",
"className": "_User"
} functionName=logInForWeb, codeEntry=5555, phoneNumber=55555555, user=undefined

Instead of have 2 _Session objects, there is only the new one and the user is kicked out when I refresh in Chrome.

[flovilmart]

You’re logging in inside a cloud function, you need to pass the installationId that made the request (req.installationId) into your login call in the cloud function.

[mchun]

Thanks!

after changing :
Parse.User.logIn(phoneNumber , password)
to:
Parse.User.logIn(phoneNumber , password, { installationId : req.params.installationId })

The problem has been solved.

[refre5h]

@flovilmart Thanks for the tips! But one question, does the installationId passed to the login call have anything to do with the installationId in the Installation class? I searched around and couldn't find any docs about it.

[flovilmart]

this is the installationId from the installation class, it serves as an indentifier that ties the sessions to the user.

[refre5h]

I have iOS, Android and Web relying on the same cloud call to return the session token. iOS and Android have the installationId, but there isn't one for the web.

I tried hardcoding a random installationId for the web, and it seems working, but I'm not sure if this is the right way to do it. Can you advice?