Closed
Description
Issue Description
We are finding that the REST API sessions GET request returns incorrect sessionToken for the numerous sessions associated with the user.
In all JSON objects, the sessionToken field is displayed as the same current sessionToken value.
Steps to reproduce
GET /sessions HTTP/1.1
Host: myapi.herokuapp.com
X-Parse-Application-Id: myapp
X-Parse-Session-Token: r:ea246c1fae8f5d6c152d2d9ec2168f68
returns the following JSON:
{
"results": [
{
"objectId": "cxNm3d8EeS",
"sessionToken": "r:ea246c1fae8f5d6c152d2d9ec2168f68",
"user": {
"__type": "Pointer",
"className": "_User",
"objectId": "lUOfchujyU"
},
"createdWith": {
"action": "signup",
"authProvider": "password"
},
"restricted": false,
"installationId": "c0555fc0-9f50-d9c8-d499-6a413d4a6506",
"expiresAt": {
"__type": "Date",
"iso": "2017-09-30T21:04:02.258Z"
},
"createdAt": "2017-07-30T21:04:02.258Z",
"updatedAt": "2017-07-30T21:04:02.258Z"
},
{
"objectId": "butKoFyNou",
"sessionToken": "r:ea246c1fae8f5d6c152d2d9ec2168f68",
"user": {
"__type": "Pointer",
"className": "_User",
"objectId": "lUOfchujyU"
},
"createdWith": {
"action": "login",
"authProvider": "password"
},
"restricted": false,
"expiresAt": {
"__type": "Date",
"iso": "2018-07-30T21:08:20.977Z"
},
"createdAt": "2017-07-30T21:08:20.978Z",
"updatedAt": "2017-07-30T21:08:20.978Z"
},
{
"objectId": "WqAN40t0r1",
"sessionToken": "r:ea246c1fae8f5d6c152d2d9ec2168f68",
"user": {
"__type": "Pointer",
"className": "_User",
"objectId": "lUOfchujyU"
},
"createdWith": {
"action": "login",
"authProvider": "password"
},
"restricted": false,
"expiresAt": {
"__type": "Date",
"iso": "2018-08-13T14:37:35.756Z"
},
"createdAt": "2017-08-13T14:37:35.757Z",
"updatedAt": "2017-08-13T14:37:35.757Z"
}
]
}
Expected Results
The session token in all but the top result is different on the database.
Environment Setup
- Server
- parse-server version (Be specific! Don't say 'latest'.) : 2.6.5
- Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): Heroku