Session Token validation with NodeJS

#21

I would need to see some code or something. Can you set up a sandbox environment and PM me the details? I’m happy to help as I have been in this position with Parse and it’s frustrating as hell.

Can you post the code, where you are trying this: I validate the session token server side then send the response (this is where I’m stuck)?

#22

That’s the code I posted above with the axios request. In Postman it gives me a successful response, but in Node with axios it gives me a 403 error.

I will message you about setting up a sandbox environment. Thank you.

#23

I’m actually facing a similar situation with Nuxt when running on SSR. In Nuxt there’s a certain function (asyncData) that’s called on both server side and client side to initialize the data.

asyncData() {
  Parse.User.current();
}

When running on server side, it’s bound to error because there’s no access to the localStorage. I know I can ditch the Parse SDK and use the REST API instead, but it’ll be too much wrapping code to do.

Or, I could separate the code depending on whether it’s running on server or client, but it’s going to be duplicated everywhere.

I tried to set the RESTController to read the sessionToken from cookies.

Parse.CoreManager.setRESTController({
  ajax: (...args) => RESTController.ajax.apply(null, args),
  request(...args) {
    const token = getSessionToken(req.headers.cookie)
    return injectSessionToken(token, RESTController).apply(null, args);
  },
})

I was too naive: the Parse SDK is a singleton, so under race conditions, user A could access user B’s data.

My takeaway was that Parse is not a good choice for SSR, especially if the data you’re trying to access is restricted. I guess I’m going to stick with SPA for now.

#24

Instead of using Parse.User static methods, you’d need to send the { sessionToken: "" } option in each of your queries.
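
The race described in #23 and the per-call token suggested in #24, as an added example that is not part of the original thread. It does not use the Parse SDK: `sdk`, `backendFind`, the handlers and the sample tokens are constructed stand-ins, and generator `yield`s model the await points where two SSR requests interleave.

```javascript
// Constructed stand-in for a backend that authorizes by session token.
const SESSIONS = { "tok-alice": "alice", "tok-bob": "bob" };
const PRIVATE_NOTES = { alice: ["alice's note"], bob: ["bob's note"] };
function backendFind(sessionToken) {
  const user = SESSIONS[sessionToken];
  if (!user) throw new Error("403: invalid session token");
  return PRIVATE_NOTES[user];
}

// Hypothetical process-wide singleton, like an SDK with a global REST controller.
const sdk = {
  controller: null,
  setRESTController(c) { this.controller = c; },
  find(options = {}) {
    // An explicit per-call token wins; otherwise the shared controller decides.
    const token = options.sessionToken ?? this.controller.token();
    return backendFind(token);
  },
};

// Unsafe: each request installs its own controller on the shared singleton.
function* unsafeHandler(req) {
  sdk.setRESTController({ token: () => req.cookieToken });
  yield; // await point: another request can run here and replace the controller
  return sdk.find();
}

// Safe: the token travels with the call, so no shared state is consulted.
function* safeHandler(req) {
  yield;
  return sdk.find({ sessionToken: req.cookieToken });
}

// Steps every handler round-robin to force the interleaving deterministically.
function serveConcurrently(handler, reqs) {
  const tasks = reqs.map((req) => ({ user: req.user, it: handler(req) }));
  const results = {};
  while (Object.keys(results).length < tasks.length) {
    for (const t of tasks) {
      if (t.user in results) continue;
      const step = t.it.next();
      if (step.done) results[t.user] = step.value;
    }
  }
  return results;
}

const REQS = [{ user: "alice", cookieToken: "tok-alice" }, { user: "bob", cookieToken: "tok-bob" }];
console.log("unsafe:", serveConcurrently(unsafeHandler, REQS));
console.log("safe:  ", serveConcurrently(safeHandler, REQS));
```
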