Impact
For regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery payload.
Patches
Remove session token from LiveQuery payload.
Workaround
Set user.acl(new Parse.ACL()) in a beforeSave trigger to make the user private already on sign-up.
Impact
For regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the
Parse.Userclass, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery payload.Patches
Remove session token from LiveQuery payload.
Workaround
Set
user.acl(new Parse.ACL())in a beforeSave trigger to make the user private already on sign-up.