Using become() with legacy session tokens #2572
Comments
|
Did you copy all sessions into your own mongodb? |
|
We used the parse migration tool. So yes, they should be there, although just in their legacy format in the _User table - not in the _Session table. |
|
same master key and api KEY? not sure but assuming hashing is the same |
Absolutely right.
This is unlikely to happen (at least from my side)
You could very well open a pull request for that feature, but I'm not sure we want to support the legacy tokens for security concerns. Maintaining the 2 flavours of sessionToken is also something we have to consider. This is probably a good 40-80 hours of code, considering unit tests, side effects, transitioning strategies etc....
That would be what I recommend, migrate your users ASAP with new session token. |
|
Okay, thanks a lot to both of you for your help. This helps me to clearly understand our options! |
|
Glad to help. Good luck! |
Our app uses a webview for some tasks. The native mobile app loads the webview, and then passes a session token to the javascript running inside the webview. Javascript then calls become() to perform actions as the same user logged into the native app.
We have not migrated to using revocable session tokens. When I try this with our live app (using legacy parse.com) and our updated web code (using parse-server), I get "invalid session token".
Am I right in assuming the problem is that parse-server's become() does not accept our legacy session tokens?
Please help me to understand what our options are. As I see it, we could:
Any advice would be appreciated! We were thinking we were about ready to migrate but this problem has cropped up during some final testing to make sure users who haven't upgraded yet would be ok to use the parse-server version of our webapp.
The text was updated successfully, but these errors were encountered: