Sessions are being deleted

[stevestencil]

Issue Description

Our application needs the ability to only allow 1 session per device type. For Example: they can only have 1 session if they log into a mobile device. So if they login using their iPhone, it will log them out of their iPad. But it they login via the website, the session on their iPhone will not be deleted. If they log into the website with a different browser, it will delete only their other website session.

I accomplish this by using a cloud function called "loginUser" which takes 3 parameters (username, password, source). The cloud function will call the Parse.User.login function and then update the session that is returned with the source and delete the remaining sessions that match the same source. This has worked for awhile and then we started getting reports of only 1 session being allowed no matter what. I finally got time to track down what was causing it and traced it back to issue #3451. The fix for this issue deletes duplicate sessions based on installation id. Since our login function is being called from the server, and not the client, the installation id being passed to the login function is the same no matter who's logging in. (I am able to update the installation id later from the client after a successful login so it wasn't an issue before) Now that sessions are being deleted automatically (#3451) based on installation id, it is not allowing our users to be logged into more than 1 device.

Steps to reproduce

create a function like below:
Parse.Cloud.define('loginUser', async (req) => { const { username, password } = req.params; const user = await Parse.User.logIn(username, password); return user; });
Call said cloud function from 2 different devices and pass in username and password

Expected Results

2 separate session tokens should be created.

Actual Outcome

1st session token will be deleted

Proposed Solution

If I could override the installation id being generated in the Parse.User.login function then everything would work as expected. For now I guess the only work around would be to use the REST api and call the function without the Parse.User.login function?

Environment Setup

• Server
  • parse-server version: 3.7.2
  • Operating System: OSX
  • Hardware: iMac
  • Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): Localhost and AWS

[davimacedo]

You can do:

const user = await Parse.User.logIn(username, password, { installationId });

[stevestencil]

passing in installationId an option does not work

[davimacedo]

why not?

[davimacedo]

It should work: https://github.com/parse-community/Parse-SDK-JS/blob/master/src/ParseUser.js#L429

[davimacedo]

Have you tried before? What happened?

[stevestencil]

I just tried it... the installationId does not change to what I make it

[davimacedo]

What is the Parse Server version that you are running? I will try to reproduce and solve the bug.

[davimacedo]

Can you try the following?

const user = await Parse.User.logIn(username, password, { installationId, useMasterKey: true });

[stevestencil]

3.7.2

[stevestencil]

that did not work

[stevestencil]

were you able to replicate the issue?

[davimacedo]

Not tried yet. But I will try in few minutes to figure out why it is not working.

[stevestencil]

ok I found the issue... This line is causing the installationId to be set if the installationId is falsy in the options... so if i pass { installationId: '' } or { installationId: null } into options, that line will override it. I suppose this line should check to see if installationId is set instead of checking if it's truthy?