parse-dashboard 8.0.0 → 8.1.0-alpha.2

package/Parse-Dashboard/server.js

@@ -162,7 +162,13 @@ module.exports = (options) => {
   if (allowInsecureHTTP || trustProxy || dev) {app.enable('trust proxy');}
 
   config.data.trustProxy = trustProxy;
-  const dashboardOptions = { allowInsecureHTTP, cookieSessionSecret, dev, cookieSessionMaxAge };
+  const dashboardOptions = {
+    allowInsecureHTTP,
+    cookieSessionSecret,
+    dev,
+    cookieSessionMaxAge,
+    cookieSessionStore: config.data.cookieSessionStore
+  };
   app.use(mountPath, parseDashboard(config.data, dashboardOptions));
   let server;
   if(!configSSLKey || !configSSLCert){

package/README.md

@@ -803,6 +803,55 @@ If you create a new user by running `parse-dashboard --createUser`, you will be
 
  Parse Dashboard follows the industry standard and supports the common OTP algorithm `SHA-1` by default, to be compatible with most authenticator apps. If you have specific security requirements regarding TOTP characteristics (algorithm, digit length, time period) you can customize them by using the guided configuration mentioned above.
 
+### Running Multiple Dashboard Replicas
+
+When deploying Parse Dashboard with multiple replicas behind a load balancer, you need to use a shared session store to ensure that CSRF tokens and user sessions work correctly across all replicas. Without a shared session store, login attempts may fail with "CSRF token validation failed" errors when requests are distributed across different replicas.
+
+#### Using a Custom Session Store
+
+Parse Dashboard supports using any session store compatible with [express-session](https://github.com/expressjs/session). The `sessionStore` option must be configured programmatically when initializing the dashboard.
+
+**Suggested Session Stores:**
+
+- [connect-redis](https://www.npmjs.com/package/connect-redis) - Redis session store
+- [connect-mongo](https://www.npmjs.com/package/connect-mongo) - MongoDB session store
+- [connect-pg-simple](https://www.npmjs.com/package/connect-pg-simple) - PostgreSQL session store
+- [memorystore](https://www.npmjs.com/package/memorystore) - Memory session store with TTL support
+
+**Example using connect-redis:**
+
+```js
+const express = require('express');
+const ParseDashboard = require('parse-dashboard');
+const { createClient } = require('redis');
+const RedisStore = require('connect-redis').default;
+
+// Instantiate Redis client
+const redisClient = createClient({ url: 'redis://localhost:6379' });
+redisClient.connect();
+
+// Instantiate Redis session store
+const cookieSessionStore = new RedisStore({ client: redisClient });
+
+// Configure dashboard with session store
+const dashboard = new ParseDashboard({
+  apps: [...],
+  users: [...],
+}, {
+  cookieSessionStore,
+  cookieSessionSecret: 'your-secret-key',
+});
+
+**Important Notes:**
+
+- The `cookieSessionSecret` option must be set to the same value across all replicas to ensure session cookies work correctly.
+- If `cookieSessionStore` is not provided, Parse Dashboard will use the default in-memory session store, which only works for single-instance deployments.
+- For production deployments with multiple replicas, always configure a shared session store.
+
+#### Alternative: Using Sticky Sessions
+
+If you cannot use a shared session store, you can configure your load balancer to use sticky sessions (session affinity), which ensures that requests from the same user are always routed to the same replica. However, using a shared session store is the recommended approach as it provides better reliability and scalability.
+
 ### Separating App Access Based on User Identity
 If you have configured your dashboard to manage multiple applications, you can restrict the management of apps based on user identity.
 
@@ -1329,7 +1378,7 @@ To reduce the time for info panel data to appear, data can be prefetched.
 
 | Parameter                      | Type    | Optional | Default | Example | Description                                                                                                                       |
 |--------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------------------------------------------------------------------------|
-| `infoPanel[*].prefetchObjects` | Number  | yes      | `0`     | `2`     | Number of next rows to prefetch when browsing sequential rows. For example, `2` means the next 2 rows will be fetched in advance. |
+| `infoPanel[*].prefetchObjects` | Number  | yes      | `0`     | `2`     | Number of navigation steps to prefetch ahead when browsing sequential rows. For example, `2` means data for the next 2 navigation steps will be fetched in advance. When using multi-panel mode with batch navigation enabled, each navigation step corresponds to a full batch of panels, so the total number of prefetched objects will be `prefetchObjects × panelCount`. |
 | `infoPanel[*].prefetchStale`   | Number  | yes      | `0`     | `10`    | Duration in seconds after which prefetched data is discarded as stale.                                                            |
 | `infoPanel[*].prefetchImage`   | Boolean | yes      | `true`  | `false` | Whether to prefetch image content when prefetching objects. Only applies when `prefetchObjects` is enabled.                       |
 | `infoPanel[*].prefetchVideo`   | Boolean | yes      | `true`  | `false` | Whether to prefetch video content when prefetching objects. Only applies when `prefetchObjects` is enabled.                       |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "parse-dashboard",
-  "version": "8.0.0",
+  "version": "8.1.0-alpha.2",
   "repository": {
     "type": "git",
     "url": "https://github.com/parse-community/parse-dashboard"