Clarify Parse Documentation

[Polarbear2121]

Under Sessions -> Session Security

Session objects can only be accessed by the user specified in the user field. All Session objects have an ACL that is read and write by that user only. You cannot change this ACL. This ACL will be created with a public read and write, however, a Class Level Permission will block the ACL. This means querying for sessions will only return objects that match the current logged-in user.

[dplewis]

Which doc are you looking at?

[Polarbear2121]

Rest Api. @montymxb

[montymxb]

@jferrer21 Yep we talked about this, thanks for opening the issue.

@dplewis There is a discrepancy in the docs regarding the REST security section. The first paragraph contains:

All Session objects have an ACL that is read and write by that user only.

The next paragraph contains:

When you log in a user via /parse/login, Parse will automatically create a new unrestricted Session object in the Parse Cloud.

Those statements are conflicting. There is no limiting ACL being set on session objects, but the objects may only be accessed by the owner (unless using the master key). The behavior is fine, it's just the wording is odd. Should be corrected.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[parse-github-assistant]

The label type:feature cannot be used in combination with type:improvement, type:docs.