Description
New Issue Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
- I can reproduce the issue with the latest version of Parse Server.
Issue Description
Issue with 'extendSessionOnUse'
I don't understand how this feature works.
So this is where the magic happens and the session gets extended.
const lastUpdated = new Date((_session = session) === null || _session === void 0 ? void 0 : _session.updatedAt);
const yesterday = new Date();
yesterday.setDate(yesterday.getDate() - 1);
if (lastUpdated > yesterday || !session) {
return;
}
const expiresAt = config.generateSessionExpiresAt();
await new _RestWrite.default(config, master(config), '_Session', {
objectId: session.objectId
}, {
expiresAt: Parse._encode(expiresAt)
}).execute();
But looking at this piece of code it takes lastUpdated and yesterday and if lastUpdated is greater than yesterday it returns.
So if I've doing 60 minute sessions, well this will never actually extend the session. So for this to work a session needs to be at least 24 hours.
This isn't documented anywhere and it's counterintuitive.
Am I missing something.
Steps to reproduce
Enable extendSessionOnUse.
Set session to 60 minutes.
Perform actions for authenticated user and look at session expiry. it doesn't update.
Now set session to 48 hours.
Perform actions and notice that session expiry does update.
Actual Outcome
I expect Session expiry to update for any session duration.
Expected Outcome
I expect Session expiry to update for any session duration.
Environment
NodeJS 21
Server
- Parse Server version: `6.4
- Operating system:
Ubuntu 22 - Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc):
local
Database
- System (MongoDB or Postgres): `MongoDB
- Database version:
6.0 - Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc):
local
Client
- SDK (iOS, Android, JavaScript, PHP, Unity, etc):
REST - SDK version:
REST
Logs
N/A