Wrongly generate _Session when login by Facebook

[tobernguyen]

Here is how to reproduce:

• My database is clean.
• My browser is clean (by localStorage.clear())
• I logged in with my Facebook account
• => Parse Server create new user with objectId: PRGzlgxcoE
• => Parse Server create _Session with user column point to PRGzlgxcoE, which is correct
• I logged out (by Parse.User.logOut())
• I logged in again with same Facebook account
• => This time, Parse Server modified the last created session, as I know, what it did is refreshing the token, BUT IT ALSO CHANGE THE user column to an unknown object: L1wysagBDK (which should be PRGzlgxcoE).
• And of course after that, I became an invalid user because my sessionToken is not pointed to me. Which made any cloud function I call is not from authenticated user (request.user is null).

Bonus step:

• Now I don't log out by Parse.User.logOut(), I use: localStorage.clear(), which will also clear the Installation of Parse and the current logged in user.
• I logged in again with same Facebook account
• => Parse Server create new _Session with user column point to another unknown object: C40NzjGJen

Every time I try to sign out or clear local storage, Parse Server will create(modify) a session with invalid user column.
But if I change to api.parse.com endpoint, this does not happen at all, all session is generated with correct user column.

Note that, the api.parse.com and my Parse Server point to the same mongo database, with same AppID and MasterKey.

I've tested this on Parse Server 2.1.6 and 2.1.2.

[gfosco]

Fixed by 857, will be in next release. 👍