Hi,
We utilize Parse Server in our mobile application and are currently evaluating potential security risks associated with its use.
Every REST API request includes a sessionToken, which is employed to authorize the request on the Parse server and identify the user sending the request. Given that the sessionToken is a long-term token, there’s a concern that if someone were to gain unauthorized access to our _Session table in the database, they could potentially make API calls on behalf of any user.
Are there any measures or future plans in place to enhance session management security?
Thank you,
Jindrich
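
The exposure described in the question lasts as long as each stored token stays valid. As an added example (not part of the original post and not Parse Server's own code), the script below audits an export of _Session rows for tokens that have no expiry or more than an assumed 30 days remaining; the row layout follows the Parse REST representation of a Session object, and the sample rows and the threshold are constructed for illustration.

```javascript
// Added example: audit exported _Session rows for long-lived session tokens.
// MAX_REMAINING_DAYS is an assumed policy value, not a Parse Server default.
const MAX_REMAINING_DAYS = 30;
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample rows (tokens are placeholders, not real values).
const SAMPLE_SESSIONS = [
  { objectId: "s1", sessionToken: "r:constructed-token-aaaa",
    user: { __type: "Pointer", className: "_User", objectId: "u1" },
    expiresAt: { __type: "Date", iso: "2025-01-01T00:00:00.000Z" } },
  { objectId: "s2", sessionToken: "r:constructed-token-bbbb",
    user: { __type: "Pointer", className: "_User", objectId: "u2" },
    expiresAt: { __type: "Date", iso: "2024-06-08T00:00:00.000Z" } },
  { objectId: "s3", sessionToken: "r:constructed-token-cccc",
    user: { __type: "Pointer", className: "_User", objectId: "u1" } },
  { objectId: "s4", sessionToken: "r:constructed-token-dddd",
    user: { __type: "Pointer", className: "_User", objectId: "u3" },
    expiresAt: { __type: "Date", iso: "2024-05-01T00:00:00.000Z" } },
];

// Returns one finding per session that would still be usable for too long
// if the table leaked. The token itself is never copied into the report.
function auditSessions(rows, nowMs, maxDays = MAX_REMAINING_DAYS) {
  const findings = [];
  for (const row of rows) {
    const iso = row.expiresAt && row.expiresAt.iso;
    const expiresMs = iso ? Date.parse(iso) : NaN;
    const userId = row.user ? row.user.objectId : null;
    if (Number.isNaN(expiresMs)) {
      // Missing or unparsable expiry: treat as valid indefinitely.
      findings.push({ objectId: row.objectId, userId, issue: "no-expiry", remainingDays: null });
      continue;
    }
    if (expiresMs <= nowMs) continue; // already expired, no longer usable
    const remainingDays = Math.floor((expiresMs - nowMs) / DAY_MS);
    if (remainingDays > maxDays) {
      findings.push({ objectId: row.objectId, userId, issue: "long-lived", remainingDays });
    }
  }
  return findings;
}

// Stand-alone run against the constructed rows with a fixed audit time.
const AUDIT_TIME = Date.parse("2024-06-01T00:00:00.000Z");
for (const f of auditSessions(SAMPLE_SESSIONS, AUDIT_TIME)) {
  console.log(`${f.objectId} user=${f.userId} ${f.issue} remainingDays=${f.remainingDays}`);
}
```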