req.user undefined when calling cloud function with sessionToken after about a week

[refre5h]

Issue Description

I have a web app that stores sessionToken in cookie session.token. It will make GET or POST requests to the server which will then use Parse.Cloud.run("<cloud function>", {<params>}, {sessionToken: req.session.token}) to call a cloud function to get data.

When server is freshly (re)started, everything is normal, all cloud functions called by the above method have valid request.user. However, after it's running for about a week, req.user will become undefined. Logging out and logging back in, which refreshes the session token in the client, does not fix the issue. Restarting the server fixes the issue.

This has been happening for a few times now, and I've make some changes to the server-side login and storing/passing the token from web page to server, but it continues to happen. Not sure if it's my implementation, or an issue with the server. Would love some help here.

My Implementation

Server-side login:

app.use(function(req, res, next) {
    if (req.session && req.session.token) {
        Parse.Cloud.httpRequest({
          url: serverURL + '/users/me',
          headers: {
            'X-Parse-Application-Id': process.env.APP_ID,
            'X-Parse-REST-API-Key': process.env.REST_API_KEY,
            'X-Parse-Session-Token': req.session.token
          }
        }).then(function (httpResponse) {
          req.user = httpResponse.data;
          next();
        }, function(httpError){
          req.session = null;
          req.user = null;
          next();
        })
    } else {
        next();
    }
});

app.post('/login', function (req, res) {
    var redirect = req.body.redirect;
    var role = req.body.role;
    var username = req.body.username.toLowerCase();
    var password = req.body.password;
    Parse.User.logIn(username, password).then(function(user){
      req.session.token = user.getSessionToken();  // pass session token to web client
      res.send({redirect: '/' + redirect + "?role=" + role});
    }, function(error){
      res.status(401).send("Invalid email and password combination.");
    })
})

The POST request for data:

  app.post("/get-todos", function(req, res) {
    console.log(":::get-todos called by " + req.user.id + " with token " + req.session.token);
    Parse.Cloud.run("getTodos", {
      <some params>
    }, {
      sessionToken: req.session.token
    }).then(function(payload){
      res.status(200).send(payload);
    }, function(error) {
      res.status(500).send(error);
    })
  })

The cloud function that gets the data:

Parse.Cloud.define("getTodos", function(request, response) {
    if (!request.user) return response.error("you are not a user") // this becomes undefined after server is running for about a week.
    var todoQuery = new Parse.Query("Todo");
    todoQuery.equalTo("user", request.user);
    todoQuery.find().then(function(results){
        response.success(results)
    }, function(error){
        response.error(error);
    })
})

Environment Setup

• Server

  • "parse-server": "<2.3.0"
  • "cookie-session": "^2.0.0-alpha.1"
  • AWS Elastic Beanstalk

• Database

  • mongod version: 3.0.12 (MMAPv1)

Logs/Trace

Dec 29 22:51:24 <web-prod> nodejs.log:  :::get-todos called by n3PcxEBKRK with token r:ad92c8416c09260349e5f40606a82954
Dec 29 22:51:24 <web-prod> nodejs.log:  error: Failed running cloud function getTodos for user undefined with:
Dec 29 22:51:24 <web-prod> nodejs.log:    Input: {<some params>}
Dec 29 22:51:24 <web-prod> nodejs.log:    Error: {"code":141,"message":"you are not a user"} functionName=getTodos, code=141, message=you are not a user, <some params>, user=undefined
Dec 29 22:51:24 <web-prod> nodejs.log:  error: Error generating response. ParseError { code: 141, message: 'you are not a user' } code=141, message=you are not a user

[refre5h]

I should also add that the iOS app, which calls the cloud function directly, doesn't have the issue.

[araskin]

I am not really an expert on these things but would it just indicate the the cookie has expired (on the client) after a week? Obviously not an issue in iOs but perhaps something in your browser?

[refre5h]

@araskin but logging out and re-logging back in, which should refresh the token on the client, also doesn't work... I will have to wait till it happens again and see if clearing the cookie would fix it.

[araskin]

Interesting. So what happens during the log out/log in process? Does you get back a session token after successful login?

[ghost]

what happened with this resolution? I'm having the same issue, restarting parse-server makes the passed sessiontoken be recognized as a user in cloud code calls until i log out and log in again then its undefined again

[flovilmart]

@aPatrickStar, what version are you running? Please update to the latest and reopen a new issue if it persists