0
if let cachedUser = PFUser.current() {
    // proceed to save some objects
} else {
    PFAnonymousUtils.logIn{ (user, error) in
        // proceed to save some objects
        if ((error as NSError).code == 209) {
            // session expired, logout and call PFAnonymousUtils.logIn again later
            PFUser.logOut()
        }
    }
}

For a simple Swift mobile app, we save data on parse backend anonymously. If there is session expiration error (1 year default on Parser server), we will have to do something about it or we wont be able to save anything anymore. We therefore logout and re-login again.

Once we logout and re-login again, this creates a second new User on the backend.

This creates a problem - we no longer have an accurate picture of the number of users on the backend.

What was wrong in the flow above? Is there a way to prevent duplicated anonymous user when handling expired session?

Tom Fox
  • 897
  • 3
  • 14
  • 34
mkto
  • 4,584
  • 5
  • 41
  • 65
  • 1
    I'm not certain but I would say this is expected behaviour, the whole point on anonymous users is that they are anonymous if their 'accounts' could be logged back into after the session has expired that would be a security vulnerability. Is there any reason you can't extend the session duration? – Tom Fox Apr 08 '20 at 13:35
  • @TomFox yes I was thinking setting a longer session duration, e.g. 5 years instead of 1 year, is theoretically delaying the problem. But yes I guess I will do that. Thank :) – mkto Apr 09 '20 at 03:42
  • 1
    you might find this thread useful - https://github.com/parse-community/parse-server/issues/4799. Particularly the use of `expireInactiveSessions: false` in server config to stop sessions from expiring - but I’m not sure of the full implications of this. – Tom Fox Apr 09 '20 at 14:59
  • @TomFox that is super relevant. I will definitely give it a try! you can also publish this as an answer. – mkto Apr 09 '20 at 15:37
  • @TomFox this worked. expireInactiveSessions: false is the answer to this question! – mkto Apr 14 '20 at 03:45

1 Answers1

0

It is possible to increase the default session duration in your server configuration.

You can also add the code below to your server configuration...

expireInactiveSessions: false

This thread may provide further useful insights into this issue.

Tom Fox
  • 897
  • 3
  • 14
  • 34