fix: Parse Server option extendSessionOnUse not working for session lengths < 24 hours

spec/Auth.spec.js

@@ -260,3 +260,24 @@ describe('Auth', () => {
     });
   });
 });
+
+describe('extendSessionOnUse', () => {
+  it(`shouldUpdateSessionExpiry()`, async () => {
+    const { shouldUpdateSessionExpiry } = require('../lib/Auth');
+    let update = new Date(Date.now() - 86410 * 1000);
+
+    const res = shouldUpdateSessionExpiry(
+      { sessionLength: 86460 },
+      { updatedAt: update }
+    );
+
+    update = new Date(Date.now() - 43210 * 1000);
+    const res2 = shouldUpdateSessionExpiry(
+      { sessionLength: 86460 },
+      { updatedAt: update }
+    );
+
+    expect(res).toBe(true);
+    expect(res2).toBe(false);
+  });
+});

src/Auth.js

@@ -67,6 +67,17 @@ function nobody(config) {
   return new Auth({ config, isMaster: false });
 }
 
+/**
+ * Checks whether session should be updated based on last update time & session length.
+ */
+function shouldUpdateSessionExpiry(config, session) {
+  const resetAfter = config.sessionLength / 2;
+  const lastUpdated = new Date(session?.updatedAt);
+  const skipRange = new Date();
+  skipRange.setTime(skipRange.getTime() - resetAfter * 1000);
+  return lastUpdated <= skipRange;
+}
+
 const throttle = {};
 const renewSessionIfNeeded = async ({ config, session, sessionToken }) => {
   if (!config?.extendSessionOnUse) {
@@ -88,10 +99,7 @@ const renewSessionIfNeeded = async ({ config, session, sessionToken }) => {
         const { results } = await query.execute();
         session = results[0];
       }
-      const lastUpdated = new Date(session?.updatedAt);
-      const yesterday = new Date();
-      yesterday.setDate(yesterday.getDate() - 1);
-      if (lastUpdated > yesterday || !session) {
+      if (!shouldUpdateSessionExpiry(config, session) || !session) {
         return;
       }
       const expiresAt = config.generateSessionExpiresAt();
@@ -579,6 +587,7 @@ module.exports = {
   maintenance,
   nobody,
   readOnly,
+  shouldUpdateSessionExpiry,
   getAuthForSessionToken,
   getAuthForLegacySessionToken,
   findUsersWithAuthData,

src/Options/Definitions.js

@@ -259,7 +259,8 @@ module.exports.ParseServerOptions = {
   },
   extendSessionOnUse: {
     env: 'PARSE_SERVER_EXTEND_SESSION_ON_USE',
-    help: 'Whether Parse Server should automatically extend a valid session by the sessionLength',
+    help:
+      "Whether Parse Server should automatically extend a valid session by the sessionLength. In order to reduce the number of session updates in the database, a session will only be extended when a request is received after at least half of the current session's lifetime has passed.",
     action: parsers.booleanParser,
     default: false,
   },

src/Options/index.js

@@ -228,7 +228,7 @@ export interface ParseServerOptions {
   /* Session duration, in seconds, defaults to 1 year
   :DEFAULT: 31536000 */
   sessionLength: ?number;
-  /* Whether Parse Server should automatically extend a valid session by the sessionLength
+  /* Whether Parse Server should automatically extend a valid session by the sessionLength. In order to reduce the number of session updates in the database, a session will only be extended when a request is received after at least half of the current session's lifetime has passed.
   :DEFAULT: false */
   extendSessionOnUse: ?boolean;
   /* Default value for limit option on queries, defaults to `100`.