Parse-server does not flag manually created session as "restricted"

[reallyimeric]

Issue Description

Parse server did not created a restricted session as described on https://docs.parseplatform.org/rest/guide/#creating-sessions and https://docs.parseplatform.org/rest/guide/#session-properties

Steps to reproduce

curl -X POST \
-H "X-Parse-Application-Id: ${APPLICATION_ID}" \
-H "X-Parse-Session-Token: r:a161b67134500f0a822403746ddef79d" \
-H "Content-Type: application/json" \
-d '{}' \
http://localhost:1337/parse/sessions

Expected Results

A session instance with restricted field set to true is created.

Actual Outcome

A session instance with restricted field set to false is created.

Environment Setup

• Server

  • parse-server version (Be specific! Don't say 'latest'.) : 3.0.0
  • Operating System: arch linux, with kernel 4.18.5, glibc 2.28 and nodejs 10.9.0
  • Hardware: x86, Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
  • Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): localhost

• Database

  • MongoDB version: mongodb 3.6.5 WiredTiger: 3.0.1: (January 8, 2018)
  • Storage engine: WiredTiger
  • Hardware: the same with server
  • Localhost or remote server? (AWS, mLab, ObjectRocket, Digital Ocean, etc): the same with server

Logs/Trace

verbose: REQUEST for [POST] /parse/sessions: {} method=POST, url=/parse/sessions, host=localhost:1337, user-agent=curl/7.61.0, accept=*/*, x-parse-application-id=myAppId, x-parse-session-token=r:a161b67134500f0a822403746ddef79d, content-type=application/json, content-length=2,
verbose: RESPONSE from [POST] /parse/sessions: {
  "status": 201,
  "location": "http://localhost:1337/parse/classes/_Session/TSqPEESGyA",
  "response": {
    "sessionToken": "r:ab1c8b7336d14367f42f8aa90b7e32a4",
    "user": {
      "__type": "Pointer",
      "className": "_User",
      "objectId": "io4RhSnV2Z"
    },
    "createdWith": {
      "action": "create"
    },
    "restricted": false,
    "expiresAt": {
      "__type": "Date",
      "iso": "2019-09-11T00:30:30.972Z"
    },
    "objectId": "TSqPEESGyA"
  }
} status=201, location=http://localhost:1337/parse/classes/_Session/TSqPEESGyA, sessionToken=r:ab1c8b7336d14367f42f8aa90b7e32a4, __type=Pointer, className=_User, objectId=io4RhSnV2Z, action=create, restricted=false, __type=Date, iso=2019-09-11T00:30:30.972Z, objectId=TSqPEESGyA

[flovilmart]

I’m not sure the restricted flag is in used anywhere anymore. Is it something you’d be willing to fix?

[reallyimeric]

I'm a new guy to parse series and I have not met parse.com before. Maybe it's too hard for me to implement this. So is restricted session obsoleted by parse server?

[flovilmart]

I don’t believe it’s in use nor that the restricted flag has any effect. Ensuring it’s set to false should be a good first task, to get to explore the code base.

[reallyimeric]

Thanks for replying. I will avoid using this.

[flovilmart]

There should be no issue with those sessions either. You don’t need to avoid them.