Manage session tokens upon login

cperryoh · July 28, 2022, 5:16pm

Hello, I am attempting to use cloud code to manage session tokens upon login. I am looking to have one token per user and when a user logs back in, all their other sessions are terminated. Here is what I have tried so far,

Parse.Cloud.beforeLogin(async request => {
  const { object: user }  = request
  if(user.get('isBanned')) {
   throw new Error('Access denied, you have been banned.')
  }
  const query = new Parse.Query(Parse.Session);
  query.equalTo("user", user);
  query.find({useMasterKey: true}).then((sessions) => {
    return Parse.Object.destroyAll(sessions, {useMasterKey: true});
  }).catch((error) => {
    console.log(error);
  });
});

Although with this code, all sessions are deleted upon login, even those that dont belong to the user calling the login.

davimacedo · July 28, 2022, 6:21pm

I don’t see how this code could be deleting other users’ sessions but it can delete the new session that is going to be created, because you are not awaiting the operations do finish. I’d do something like:

Parse.Cloud.beforeLogin(async request => {
  const { object: user }  = request
  if(user.get('isBanned')) {
   throw new Error('Access denied, you have been banned.')
  }
  const query = new Parse.Query(Parse.Session);
  query.equalTo("user", user);
  const sessions = await query.find({useMasterKey: true});
  await Parse.Object.destroyAll(sessions, {useMasterKey: true});
});

cperryoh · July 29, 2022, 4:54pm

That await did the trick, thanks!