Session Handling

Parse Server 📡 REST API
#1

“IF” users and sessions are wiped out from the Parse API side users still have session tokens stuck in their browsers associated with currentUser.

I have an error handler to catch Parse.Error.INVALID_SESSION_TOKEN but nothing ever gets that far which is odd.

I run a check against “if currentUser” and there IS a currentUser but the session is invalid yet it never triggers my error handler.

How in the heck can I validate the currentUser session? There’s not much for docs out there on this that I can find.

#2

You can check with this way session. And I sent you a Dm, did you see?

declare module 'parse' {
    interface SessionConstructor {
        verifySessionToken(sessionToken: string): Promise<Parse.User<Parse.Attributes>>;
    }
}

Parse.Session.verifySessionToken = async function (sessionToken: string) {
    try {
        const user = await Parse.User.become(sessionToken);
        return user;
    } catch (error) {
        console.error(error);
        throw error;
    }
}
export const sessionCheck = async () => {
    const currentUser: Parse.User<Parse.Attributes> | undefined = Parse.User.current();
    const currentSession = currentUser?.getSessionToken();

    Parse.Session.verifySessionToken(currentSession ?? '')
        .then((user: Parse.User) => {
            console.log("Session is valid for user: " + user.getUsername());
        })
        .catch((error: any) => {
            console.log("Session is invalid");
            console.error(error);
        });
};
1 Like
#3

Thanks for the reply, I don’t see your dm but I’ll look.

I think my main issue with the session handling was due to some really edge case sort of stuff on user handling between two systems trying to stay synced and I really just needed to walk down the chain to make sure everything was handling each error properly in order.

I built a simple function to just verify the user on system 1 and the local currentUser session for Parse exists first and then walk down to if they all match and so on, Then handle the register new, logout old and login new that matches, if just expired login and then finally if all is good just continue on.

Sometimes you just need to walk away for the night after hours and hours of this stuff and come back with fresh eyes in the morning.

1 Like