Closed mman closed 7 years ago
to me it was a endpoint called getCountries
, a random one. Usually it affects all of them
Do you have the code for that 'random' endpoint?
Parse.Cloud.define("getCountries", function(request, response) {
var query = new Parse.Query("Pais");
query.limit(1000);
query.descending("priority");
query.find({
success: function(result) {
response.success(result);
},
error: function(error) {
response.error(error);
}
});
});
Was it the find or the call that was yielding the invalid session? What SDK was making the call? I'd love to get closure on that issue. AFAICT, i can't design a repro case.
Yeah, that example is an dead end. That call was made from Android, iOS and Javascript, do you need the version specifically of each one?
I don't know if it's the call yielding the invalid session, I'm not sure if I understand the question
I'm trying to narrow down the surface of the issue, trying to understand if it comes with a particular SDK or all etc...
@flovilmart I have some time this week to spend on this. I have forked the official repo and added couple debugging statements but I need your help explaining to me how to base my custom app on my own github.com based parse-server fork. Updating my custom server's package.json
to point towards my forked repo does not work as it seems that plain npm install
is not enough to correctly build parse-server dependency.
What's the easiest and proper way to use my custom forked parse-server as a dependency??
Thanks
So, because we're using babel to transpile the code and the src
folder is skipped from package.json, this requires a bit of work on your side.
Local développement:
This will let you use your copy of parse-server locally, while you're developing your instrumentation.
Deploy with your fork
npm run build
In your project:
Replace the parse server dependency with a github URL
Thanks @flovilmart, that's precisely what I needed, running my own version with additional debugging info on one of the cluster nodes. Will update the bug once I collect something useful
Let me know how it goes ;)
So I have caught some errors finally:
Trace: Auth.js: line 61: results wrong: sessionToken: 'CS2lrdWm5kB8afEv8IchXNlob'
at /parse/node_modules/parse-server/lib/Auth.js:76:17
at process._tickDomainCallback (internal/process/next_tick.js:135:7)
It indeed appears as non-revocable session token and the good news is that it's just one and the same token everywhere. Looks like one super old buggy version somewhere out in the wild. I guess we are coming to and end and we can safely close this issue... I'll think if I can somehow improve the logging here, perhaps adding HTTP request that triggered this..
I could indeed add additional logging when this gets triggered
But that's great news for you indeed :)
It's excellent news indeed as it is only one user that is triggering it and it apparently does not have any side effect :). Feel free to close this issue.
Thanks for all helps with this, I'm watching parse-server closely and learning hoping I can contribute more in the future as well :)
Awesome, that makes we think we need to beef up the debugging capabilities of parse-server so we spend less time debugging those issues.
So, what's the early solution for this? Since it's closed, I assume there's a workaround to do
As per @mman debugging, it seems that the invalid session token is yielded by an old, non revocable session token on a single user and therefore, not fixable server side.
Would it be good to remove all elements for sessionToken if clients are prepared to ask for a login again then ?
What do you mean by that?
Drop the _SessionToken collection, basically (since it could contain old session tokens) and start again from 0 items
Yeah, you can do that if you like, but I don't think it should be done by the server :)
No no, of course, I'll just drop the collection and check my script if it still has that problem.
If I drop the _Session
collection, will the users be logged out?
Issue Description
I have started getting the error
invalid session token code=209, message=invalid session token
after upgrading to 2.3.7 earlier today. Looking at now closed bug #2255 and at the source code the root cause seems to be that there are two session ids present for the same user and same installation id created and updated around the same time.Not all API calls generate this error and not all users are affected.
Steps to reproduce
Not sure, I'm continuously updating parse-server every few weeks to keep with the latest releases, the message started popping up after upgrading to 2.3.7.
Logs/Trace
This is one of the requests that generates the error message:
This is the query for all sessions for that user
If you look at the session for installation id
bcf5b055-3b1c-4dc2-a405-5e04a5a1c3ad
they are actually just few milliseconds apart which looks weird...Please let me know if you need more details.