Parse Server: Handling errors with code 209 "Session token is expired." for automatic (anonymous) users

1,218 views
Skip to first unread message

Alexander Gingell

unread,
May 31, 2018, 8:54:20 AM5/31/18
to NodeChef
My iOS app uses Parse Server's automatic user feature, namely users do not have to provide login credentials, but instead are logged in automatically and anonymously. These are not users that have been migrated from Parse.com, but automatic users with revocable sessions generated by hosted Parse Server.

Our client-side Parse initialisation looks like this:

[Parse initializeWithConfiguration:[ParseClientConfiguration configurationWithBlock:^(id<ParseMutableClientConfiguration> _Nonnull configuration) {
    configuration.applicationId = <our app id>;
    configuration.clientKey = <our client key>;
    configuration.server = <our server>; }]];
 
// Users
[PFUser enableRevocableSessionInBackground];
[PFUser enableAutomaticUser];
[PFACL setDefaultACL:[PFACL ACL] withAccessForCurrentUser:YES];

On the server, "Expire inactive session" is YES, and "Revoke session on password reset" is YES. Session length is 1 year in seconds. I do not fully understand what constitutes an "inactive" session as far as "Expire inactive session" goes, and exactly what "Expire" constitutes - deletion from the database, or just making the token invalid. It seems to me that the session remains valid simply for "session length" after its inception, regardless of other factors. 

Based on that understanding, everything works as expected - the user can communicate with the database - and at the 1 year mark, the session token appears to expire naturally.

With a standard login flow, one would clearly then display a screen allowing the user to login and refresh their token.  However, in the case of automatic or anonymous users, that makes no sense - they never entered any login credentials, and so they have no means of refreshing their credentials manually.

Given that automatic user is enabled, I would have expected that Parse Server would automatically generate a new session token for a user with anonymous credentials.  Instead, any interaction with the server or database fails with Error Domain=Parse Code=209 "Session token is expired." UserInfo={code=209, temporary=0, error=Session token is expired., NSLocalizedDescription=Session token is expired.} 

Can anyone help me with a solution?

I am using Parse Server v2.3.2 with MongoDB v3.0.12, and iOS Parse SDK v1.17.1.  I can look to upgrade to the latest versions, but I want to take the time to understand what the problem is first, and if/how this may solve the problem.

Deleting the app and reinstalling it fixes the problem, because a NEW automatic user is generated and a fresh session token is provided for the "new" anonymous user.

I would like to implement a solution that simply grants a new session token for anonymous users with an expired token. It seems as though I must set a finite session length, and I would rather not just set it to 100 years - it does not solve the problem for existing users and seem like a hack.

Thank you for your help.

Kind regards,
Alex

Alexander Gingell

unread,
May 31, 2018, 10:05:10 AM5/31/18
to NodeChef
Also, I note that in Parse Server's authentication tab "App authentication settings", that "Enable Anonymous Authentication" is actually set to NO.

My understanding here is that this would simply let users communicate with Parse server without a valid session token or valid PFUser object.  This is not really what we want - we want a valid anonymous PFUser to communicate, as we may later want to transition then to a regular PFUser.

Alexander Gingell

unread,
May 31, 2018, 10:47:23 AM5/31/18
to NodeChef
I've tried switching "Enable Anonymous Authentication" to YES, but we still see the same errors.

Alexander Gingell

unread,
May 31, 2018, 2:13:23 PM5/31/18
to NodeChef
Please see this thread on Parse Server Github.

It is a known issue, and Parse plan to do something about it.

In the meantime, please could someone from Nodechef comment on:
- what is the best way to set the expiredAt field for all sessions in a database of 3.2 million entries?
- when we will see support for the latest versions of Parse Server (2.7.2 is the latest available version, though the open source is at 2.8.0). When a fix is implemented for this issue it would be amazing if it we could get prompt access to it.
- when the latest versions of Node.js will be tested? The current tested recommendations are very old (6.11 and before).

We switched to Node.js v7.10.1 during our testing related to this issue (Parse Server v2.7.2).  The server would not boot with v8.9.0.  We saw memory usage jump considerably on our container (it doubled).

Thank you for any help.

Alex

in...@nodechef.com

unread,
May 31, 2018, 5:00:57 PM5/31/18
to NodeChef
Find below answers to your queries:

- what is the best way to set the expiredAt field for all sessions in a database of 3.2 million entries?
You will have to log in directly to the MongoDB database and issue an update statement directly to the database. This is the best approach i can think of.

- when we will see support for the latest versions of Parse Server (2.7.2 is the latest available version, though the open source is at 2.8.0). When a fix is implemented for this issue it would be amazing if it we could get prompt access to it.
We intend to have this version on NodeChef by end of day tomorrow, latest by Monday.

- when the latest versions of Node.js will be tested? The current tested recommendations are very old (6.11 and before).
You can use version 7.9.0 which we have tested. We however intend to support arbitrary versions of Node.js when we release Parse Server 2.8.0

Alexander Gingell

unread,
May 31, 2018, 5:19:42 PM5/31/18
to NodeChef

Thanks for your response, and recommendations regarding Node.js.


I just updated all our sessions giving them an expiresAt date in 2021, and I can confirm that this appears to fix the error code 209 issue (or at least works around it until a solution is implemented in Parse Server). I was working with users with this issue, and the second I did that, all the problems righted themselves and they were able to synchronise with our database. I haven't seen a "Session token is expired" error since doing that.


We still seem to get some "invalid session token" and

Error handling request: ParseError
{
  "code": 101,
  "message": "invalid session"
}

invalid session

errors in the logs. We also still see:

Error generating response. ParseError
{
  "code": 206,
  "message": "Cannot modify user KlL6zbXkSU."
}

Cannot modify user KlL6zbXkSU.

and

BadRequestError: request aborted 
at IncomingMessage.onAborted (/bundle/node_modules/body-parser/node_modules/raw-body/index.js:231:10) 
at emitNone (events.js:86:13) 
at IncomingMessage.emit (events.js:188:7) 
at abortIncoming (_http_server.js:381:9) 
at socketOnClose (_http_server.js:375:3) 
at emitOne (events.js:101:20) 
at Socket.emit (events.js:191:7) 
at TCP._handle.close [as _onclose] (net.js:511:12)

This last error only started appearing today after I migrated from Parse Server v2.3.2 / Node.js v6.11.1. We have about 45k DAU today, and I'm seeing these bad requests or 'cannot modify user' errors every 5-10 minutes or so in the logs.


I downgraded to Parse v2.3.2 and Node.js v6.11.1. I no longer see BadRequestError request aborts, though 101, 206 errors still persist. I realise we're now off-topic, but it's not clear why users can't be modified or sessions are invalid.


Do you have any ideas what could be causing these issues?

Reply all
Reply to author
Forward
0 new messages