Parse-SDK-iOS-OSX

Old Session token deleted after PFUser.login or PFUser.become

Open riccardoch opened this issue 5 years ago • 14 comments

I want to offer multiple accounts on my iOS app (on Android I've already achieved that). I know the library allows only one current user, and for this reason I decided to store the users' session tokens. Once the user wants to change the account I call PFUser.become, and PFUser.loginWithUsername when the user wants to add a new one. The problem is that every time I call those functions the previous session token is deleted from the database; on Android this doesn't happen.

How to reproduce the issue:

  1. You need one account logged in.
  2. To add a new user call PFUser.loginWithUsername providing username/password, and store the session token of the previous user.
  3. Then try to log in the old user by calling PFUser.become with the stored session token; you should encounter an "Invalid session token" error, and if you check the database you should verify that the token has been deleted.

riccardoch avatar Nov 03 '20 18:11 riccardoch

How and where are you storing the session token?

drdaz avatar Nov 04 '20 12:11 drdaz

Locally on the device (using UserDefaults), without Parse SDK. On Android I've created the same flow and it works.

riccardoch avatar Nov 04 '20 13:11 riccardoch
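
An added example, not part of the original thread and not Parse SDK code: UserDefaults is an unprotected preferences file, so an app that keeps one session token per account, as described above, would normally hold them in the Keychain instead. `SessionTokenStore`, `KeychainError` and the service string are hypothetical names; this covers only where the tokens are kept and does not change what happens to the old session when another user logs in.

```swift
import Foundation
import Security

struct KeychainError: Error { let status: OSStatus }

/// Hypothetical helper: one Keychain item per account, keyed by username.
struct SessionTokenStore {
    // Assumed service name; any app-specific string works.
    let service = "com.example.app.parse-session-tokens"

    private func baseQuery(for username: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: username]
    }

    /// Inserts or replaces the token stored for `username`.
    func save(token: String, for username: String) throws {
        let query = baseQuery(for: username)
        SecItemDelete(query as CFDictionary)  // drop any stale entry first
        var item = query
        item[kSecValueData as String] = Data(token.utf8)
        // Unreadable until first unlock after boot; never migrates to another device.
        item[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        let status = SecItemAdd(item as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError(status: status) }
    }

    /// Returns the stored token, or nil when the account has none.
    func token(for username: String) throws -> String? {
        var query = baseQuery(for: username)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        if status == errSecItemNotFound { return nil }
        guard status == errSecSuccess, let data = result as? Data else {
            throw KeychainError(status: status)
        }
        return String(data: data, encoding: .utf8)
    }

    /// Call on sign-out, or when the server answers "invalid session token".
    func removeToken(for username: String) {
        SecItemDelete(baseQuery(for: username) as CFDictionary)
    }
}
```

Removing the local copy as soon as the server rejects a token keeps dead credentials from accumulating on the device.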

I also have the same issue. It's working fine in the Android SDK.

nilkanth987 avatar Nov 04 '20 14:11 nilkanth987

Can either of you make a failing test for this?

drdaz avatar Nov 05 '20 10:11 drdaz

So I have written this code for testing

// Log in as user1 and remember its session token.
PFUser.logInWithUsername(inBackground: "user1", password: "user1", block: { user, e in
    if e == nil {
        print(PFUser.current()?.username)
        self.session1 = PFUser.current()?.sessionToken
        // Log in as user2 while user1 is still the current user.
        PFUser.logInWithUsername(inBackground: "user2", password: "user2", block: { user, e in
            if e == nil {
                print(PFUser.current()?.username)
                self.session2 = PFUser.current()?.sessionToken
                // Switch back to user1 with the token saved earlier.
                PFUser.become(inBackground: self.session1!, block: { user, e in
                    if e == nil {
                        print(PFUser.current()?.username)
                        // Switch to user2 again with its saved token.
                        PFUser.become(inBackground: self.session2!, block: { user, e in
                            if e == nil {
                                print(PFUser.current()?.username)
                            } else {
                                print("Error in become user2!!!")
                            }
                        })
                    } else {
                        print("Error in become user1!!!")
                    }
                })
            } else {
                print("Error in user2 login!!!")
            }
        })
    } else {
        print("Error in user1 login!!!")
    }
})

And the output is

Optional("user1")
Optional("user2")
2020-11-05 17:29:52.355499+0530 MultipleLoginTest[942:22112] [Error]: invalid session token (Code: 209, Version: 1.19.1)
Error in become user1!!!

nilkanth987 avatar Nov 05 '20 12:11 nilkanth987

Great @nilkanth987 my issue is exactly the same!

@drdaz Is it possible that the SDK makes a delete request for the previous token when a new user is logging in?

riccardoch avatar Nov 05 '20 13:11 riccardoch

> @drdaz Is it possible that the SDK makes a delete request for the previous token when a new user is logging in?

@riccardoch I think you are close. I believe only 1 session token is stored in the Keychain when a user logs in. When a user logs out, the session token is deleted. If another user signs in, the previous session token is overridden as the SDK is probably only designed to support 1 user at a time.

cbaker6 avatar Nov 09 '20 02:11 cbaker6

@nilkanth987 the flow you mentioned will definitely cause the issue I mentioned above. I don't understand what you are trying to do, once you use PFUser.logInWithUsername it automatically saves the sessionToken, any other login or use of become with a different user will overwrite the sessionToken

cbaker6 avatar Nov 09 '20 02:11 cbaker6

I think what you want to do is log out of the currentUser and then signIn as the new user. This will properly establish the needed session token.

cbaker6 avatar Nov 09 '20 02:11 cbaker6

@drdaz @cbaker6 can someone take a look at this issue and PR?

https://github.com/parse-community/Parse-SDK-iOS-OSX/issues/1566

dsp1589 avatar Nov 09 '20 07:11 dsp1589

> @nilkanth987 the flow you mentioned will definitely cause the issue I mentioned above. I don't understand what you are trying to do, once you use PFUser.logInWithUsername it automatically saves the sessionToken, any other login or use of become with a different user will overwrite the sessionToken

I think @nilkanth987 wants to offer multi-account support, so the user would be able to change the account without being prompted for username/password every time. The method PFUser.become is perfect, but it seems the previous token is deleted once the user changes account (using that function). On Android I was able to offer that; on iOS, for the moment, I've solved it using cloud code.

riccardoch avatar Nov 09 '20 07:11 riccardoch

> > @nilkanth987 the flow you mentioned will definitely cause the issue I mentioned above. I don't understand what you are trying to do, once you use PFUser.logInWithUsername it automatically saves the sessionToken, any other login or use of become with a different user will overwrite the sessionToken

> I think @nilkanth987 wants to offer multi-account support, so the user would be able to change the account without being prompted for username/password every time. The method PFUser.become is perfect, but it seems the previous token is deleted once the user changes account (using that function). On Android I was able to offer that; on iOS, for the moment, I've solved it using cloud code.

Yup, that is exactly what I am trying to do. I debugged and saw that the sessionToken for User1 is deleted after User2 logs in. Before the PFUser.login of User2 it was available, and in its callback the User1 session was deleted.

nilkanth987 avatar Nov 09 '20 10:11 nilkanth987

Do we know how the other Parse clients handle this? JS, .NET and whatever else we cover?

I can certainly see the use-case for this, but it would be good to know what our spec is supposed to be here.

drdaz avatar Nov 09 '20 10:11 drdaz

News about this issue?

riccardoch avatar Apr 15 '21 15:04 riccardoch