Skip to content

Session token without expiry date #2700

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
riccardoch opened this issue Sep 12, 2016 · 6 comments
Closed

Session token without expiry date #2700

riccardoch opened this issue Sep 12, 2016 · 6 comments

Comments

@riccardoch
Copy link

I use Restricted Session Token on embedded devices and I'd like to remove the expiry date, because I don't want those devices lose the access to the database.
Is it possible?
@flovilmart
Copy link
Contributor

I believe revocable session tokens don't expire automatically by default. If there something you notice that doesn't work?

@riccardoch
Copy link
Author

Thanks for the response @flovilmart
Yes, I've noticed that the tokens, on my embedded devices, after a non-specified period, which is not connected to the "expiresAt" field, disappear and my devices are not able to connect to the server anymore. To solve this I've created a way (using cloud code) to create a new session token, when the old one stops to work.

@flovilmart
Copy link
Contributor

Uhm what would be that period? the database's session tokens get flushed? that's very very odd.

@riccardoch
Copy link
Author

The period is not the same, so I can't give you a precise answer.
On embedded devices I'm using Restricted Session Token, that is the only difference with other devices.

@flovilmart
Copy link
Contributor

How do you create those restricted session tokens. I've never used them myself.

@riccardoch
Copy link
Author

riccardoch commented Sep 20, 2016
edited
Loading

To get a Restricted Session Token you need a working token. For example I create new tokens from my mobile app when I configure new embedded devices.
At first I get the current user session token, then I make a POST request to my Parse Server to get the restricted Session Token.

The resource where I found how to do it:
http://parseplatform.github.io/docs/rest/guide/#creating-sessions

Here is my code in Swift:

func getParseRestrictedSessionToken(userSessionToken: String!, completion: ((success: Bool, error: String, token: String!) -> Void)!) {

    if let userSessionToken = PFUser.currentUser()?.sessionToken {

        let data: [String: String] = ["deviceType":"embedded"]

        if NSJSONSerialization.isValidJSONObject(data) {
            do {
                let request = NSMutableURLRequest()

                let url = NSURL(string: PARSE_SERVER_URI + "sessions")

                request.URL = url
                request.HTTPMethod = "POST"
                request.addValue(PARSE_APP_ID, forHTTPHeaderField: "X-Parse-Application-Id")
                request.addValue(PARSE_REST_API_KEY, forHTTPHeaderField: "X-Parse-REST-API-Key")
                request.addValue((userSessionToken), forHTTPHeaderField: "X-Parse-Session-Token")
                request.addValue("application/json", forHTTPHeaderField: "Content-Type")
                request.addValue("application/json", forHTTPHeaderField: "Accept")
                request.HTTPBody = try NSJSONSerialization.dataWithJSONObject(data, options:  NSJSONWritingOptions(rawValue:0))

                let task = NSURLSession.sharedSession().dataTaskWithRequest(request, completionHandler: { (data, response, error) in

                    if error != nil {
                        let success = false
                        completion(success: success, error: (error?.localizedDescription)!, token: nil)
                    }
                    else{

                        // JSON
                        do {
                            let jsonResult = try NSJSONSerialization.JSONObjectWithData(data!, options: []) as! [String: AnyObject]

                            var sessionToken: String = ""
                            if let token = jsonResult["sessionToken"] as? String {
                                sessionToken = token
                            }

                            var error = ""
                            if let err = jsonResult["error"] as? String {
                                error = err
                            }

                            let success = true
                            completion(success: success, error: error, token: sessionToken)

                        }
                        catch{}
                    }
                })
                task.resume()
            }
            catch{}
        }
    }
}

Here is my code in Python:

def getRestrictedSessionToken(currentUserToken):

    restrictedToken = None
    error = None

    try:
        connection = httplib.HTTPSConnection(ParseServer.SERVER_URI, ParseServer.PORT)
        connection.connect()
        connection.request('POST', '/parse/sessions', '', {
           "X-Parse-Application-Id": ParseServer.APP_ID,
           "X-Parse-REST-API-Key": ParseServer.REST_API_KEY,
           "X-Parse-Session-Token": currentUserToken
           "Content-Type": "application/json"
         })
        result = json.loads(connection.getresponse().read())
        print result

        if "sessionToken" in result:
            restrictedToken = result["sessionToken"]
        elif "code" in result and "error" in result:
            error = result

    except Exception, e:
        error = str(e)
        print error

    return restrictedToken, error

@hramos hramos closed this as completed Nov 29, 2016
@TomWFox TomWFox mentioned this issue Feb 24, 2021
Closed
@snyk-bot snyk-bot mentioned this issue Apr 7, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hramos @flovilmart @riccardoch