fix: Session token expiration unchecked on cache hit

[mtrezza]

Summary

• Stores expiresAt alongside user data in the session cache
• Checks expiresAt on cache hits and rejects expired sessions
• Evicts expired cache entries on detection

Test plan

• Added test: expired session token rejected even when served from cache
• Verified existing expired session tests still pass
• Tested on MongoDB and Postgres
• Linter passes

Summary by CodeRabbit

• Tests

  • Added test verifying expired session tokens are rejected when retrieved from cache.

• Bug Fixes

  • Implemented session token expiration validation for cached sessions. Expired tokens are now detected and removed from cache, preventing unauthorized access with stale credentials.

[parse-github-assistant]

🚀 Thanks for opening this pull request! We appreciate your effort in improving the project. Please let us know once your pull request is ready for review.

Note

Please respond to review comments from AI agents just like you would to comments from a human reviewer. Let the reviewer resolve their own comments, unless they have reviewed and accepted your commit, or agreed with your explanation for why the feedback was incorrect.

Caution

Pull requests must be written using an AI agent with human supervision. Pull requests written entirely by a human will likely be rejected, because of lower code quality, higher review effort and the higher risk of introducing bugs. Please note that AI review comments on this pull request alone do not satisfy this requirement.

[parseplatformorg]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes add expiration timestamp validation for cached session tokens. The authentication system now stores an expiresAt timestamp with cached session data and validates it on retrieval, deleting expired cached tokens and throwing an error. A new test verifies this behavior.

Changes

Cohort / File(s)	Summary
Session Token Expiration Cache Validation spec/ParseUser.spec.js, src/Auth.js	Implements session token expiration checking for cached tokens by storing expiresAt timestamp with cached user data and validating it on retrieval; includes test coverage confirming expired sessions are rejected even when served from cache.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description covers the approach and test plan but lacks explicit Issue section and doesn't fully follow the template structure with all required sections.	Add an Issue section linking or describing the security issue being fixed, and ensure all template sections are properly addressed.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately describes the main change: adding expiration validation for cached session tokens, which is the core purpose of the PR.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.61%. Comparing base (4f53ab3) to head (322bfe6).
⚠️ Report is 94 commits behind head on alpha.

Additional details and impacted files

@@           Coverage Diff           @@
##            alpha   #10194   +/-   ##
=======================================
  Coverage   92.61%   92.61%           
=======================================
  Files         192      192           
  Lines       16255    16259    +4     
  Branches      190      190           
=======================================
+ Hits        15055    15059    +4     
  Misses       1187     1187           
  Partials       13       13           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[parseplatformorg]

🎉 This change has been released in version 9.6.0-alpha.16

[parseplatformorg]

🎉 This change has been released in version 9.6.0