Session Mismatch - Infinite loop #23

Open
RoiEXLab opened this issue Feb 7, 2017 · 19 comments

Comments

@RoiEXLab

RoiEXLab commented Feb 7, 2017

When using this plugin, with the API keys etc. set up correctly, every time I enter my valid Twitter login credentials a "popup overlay" is opened telling me this:

Session Mismatch

It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.

When I click "ok", the page is reloaded and the same message appears again. This would go on infinitely, unless you remove this overlay window in the HTML code and click logout.

Any ideas what could be wrong?

@julianlam
Owner

Ensure that the url is consistent in your config.json and configured with Twitter. The cookie is based on the url and you should only have one main access url for your site.

@RoiEXLab
Author

RoiEXLab commented Feb 7, 2017

@julianlam I'm using the https address wherever possible...
nginx is used to reverse proxy every https and http request to http://127.0.0.1:4567.
Using other SSO plugins like Facebook or GitHub works fine.

@julianlam
Owner

Do you have cookieDomain set in your config?

@RoiEXLab
Author

RoiEXLab commented Feb 8, 2017

No I haven't, should I? And if I should is this option just a value in the root json object?

@julianlam
Owner

It's not a config.json property, it's in your database. Make sure it is not set to anything.

@RoiEXLab
Author

RoiEXLab commented Feb 8, 2017

Where do I find this option/ where would I find it?

@RoiEXLab
Author

RoiEXLab commented Feb 8, 2017

No it's not set...

@RoiEXLab
Author

RoiEXLab commented Jun 2, 2017

Bumping this, as this issue still persists...
A possible suggestion why this may be happening:
(I couldn't reproduce this issue on any other NodeBB-powered website)
I did a couple of tests to find this out.
I remember creating my account on my website using the "default" register page (without SSO).
Trying to log in using my Twitter account via the login page without associating my account with Twitter led to this error.
BUT then I came up with the idea to associate my Twitter account using the edit page of my account.
After that everything worked fine, logging in via Twitter worked as expected...

@julianlam
Owner

Thanks for the repro steps, that could potentially be something 😄

@julianlam
Owner

Can't reproduce... I don't actually see any logic that would trip up the user creation process. We don't check emails (as twitter doesn't provide them), and if the handle is the same as an existing user, they are assigned a different username.

So at this point I'm not quite sure why your environment is different and causes this to happen 😦

@worp1900

worp1900 commented Mar 14, 2018

I can confirm this issue. I have it on my page too.

Together with these log entries:

Error: Failed to find request token in session
at SessionStore.get (/home/nodebb/schreibnacht.live/node_modules/passport-oauth1/lib/requesttoken/session.js:13:44)
at Strategy.OAuthStrategy.authenticate (/home/nodebb/schreibnacht.live/node_modules/passport-oauth1/lib/strategy.js:214:33)
at Strategy.authenticate (/home/nodebb/schreibnacht.live/node_modules/passport-twitter/lib/strategy.js:87:40)
at attempt (/home/nodebb/schreibnacht.live/node_modules/passport/lib/middleware/authenticate.js:348:16)
at authenticate (/home/nodebb/schreibnacht.live/node_modules/passport/lib/middleware/authenticate.js:349:7)
at Layer.handle [as handle_request] (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/layer.js:95:5)
at next (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/layer.js:95:5)
at /home/nodebb/schreibnacht.live/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/index.js:335:12)
at next (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/index.js:275:10)
at Function.handle (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/index.js:174:3)
at router (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/index.js:47:12)
at Layer.handle [as handle_request] (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/home/nodebb/schreibnacht.live/node_modules/express/lib/router/index.js:317:13)

Curiously, when I register with Twitter (in an anonymous browser window), I am forwarded to enter my Twitter credentials on the Twitter API. When I do, I am redirected to my page and I get the error:

Interner Fehler.
Ups! Scheint als wäre etwas schief gelaufen!
(translates to "internal error. Ups, something went wrong!")

/auth/twitter/callback

Failed to find request token in session

When I go to register again, it seems like I am logged in in the background (the "register" and "sign in" buttons at the top right are gone).

But now I have the "session mismatch" loop @RoiEXLab describes.

In some other issue topics I got the hint to check that the website's url in twitter and in nodebb's config.json are identical.

I found this to be impossible, considering that config.json reads:

"url": "https://www.schreibnacht.de"

which causes twitter to say "callback-url invalid" when I give them

"https://www.schreibnacht.de/auth/twitter/callback"

as the callback URL.

However when creating the app with "http://schreibnacht.de/auth/twitter/callback" (http instead of https and no www) and then changing it later to "https://www.schreibnacht.de/auth/twitter/callback", they allow it.

The funny part is:
If I close the browser window (since it's anonymous) to stop the infinite loop, then open a new browser window and first register (fails with error), then "log in" with Twitter, it shows me an "authorize this app" Twitter page.

So I am really curious why that didn't work during registration.

Overall this is highly mysterious for me and I'd love any help.

@julianlam
Owner

Failed to find request token in session... that could mean that a cookie was not able to be saved, or saved under the wrong domain, perhaps?

Usually wrong domain could occur if url in config.json is incorrect (hence domain is incorrect), but it could also happen if you've overridden cookieDomain in the admin control panel, which by default is empty.

Though if you did that, even local logins would stop working.
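
The failure mode described in the comment above, modelled as an added example (it is not NodeBB or passport code, and not a diagnosis of either site in this thread): the request token lives in the session, so the session cookie set when the login starts must be sent again on `/auth/twitter/callback`. The function names, the `secure` option and the cookie settings in the sample cases are assumptions; the URLs are the ones quoted in the thread.

```javascript
// Added example: models browser cookie scoping (RFC 6265). Function and
// option names are hypothetical; this is not NodeBB or passport code.

// Would a cookie set while on `setUrl` be sent with a request to `requestUrl`?
// cookieDomain '' means a host-only cookie (no Domain attribute).
function cookieSent(setUrl, requestUrl, { cookieDomain = '', secure = false } = {}) {
  const from = new URL(setUrl);
  const to = new URL(requestUrl);
  if (secure && to.protocol !== 'https:') return false; // Secure cookies never go over http
  if (!cookieDomain) return from.hostname === to.hostname; // host-only: exact host match
  const domain = cookieDomain.replace(/^\./, '').toLowerCase();
  const covers = (host) => host === domain || host.endsWith('.' + domain);
  // A Domain attribute that does not cover the setting host is rejected by the browser.
  return covers(from.hostname) && covers(to.hostname);
}

// Compare the forum's configured url with the callback URL registered at the provider.
function checkSsoConfig({ siteUrl, callbackUrl, cookieDomain = '', secure = false }) {
  const site = new URL(siteUrl);
  const cb = new URL(callbackUrl);
  const problems = [];
  if (site.protocol !== cb.protocol) {
    problems.push(`scheme differs: ${site.protocol} vs ${cb.protocol}`);
  }
  if (site.hostname !== cb.hostname) {
    problems.push(`host differs: ${site.hostname} vs ${cb.hostname}`);
  }
  if (!cookieSent(siteUrl, callbackUrl, { cookieDomain, secure })) {
    problems.push('session cookie not sent to callback: request token cannot be found');
  }
  return problems;
}

// URLs taken from the thread; the cookie settings are constructed for illustration.
const cases = [
  { siteUrl: 'https://www.schreibnacht.de', callbackUrl: 'https://www.schreibnacht.de/auth/twitter/callback' },
  { siteUrl: 'https://www.schreibnacht.de', callbackUrl: 'http://schreibnacht.de/auth/twitter/callback' },
  { siteUrl: 'https://www.schreibnacht.de', callbackUrl: 'https://schreibnacht.de/auth/twitter/callback', cookieDomain: 'schreibnacht.de' },
];
for (const c of cases) console.log(c.callbackUrl, checkSsoConfig(c));
```

The third case shows why a domain-wide cookie hides a host mismatch: the cookie is still sent, but the configured URL and the callback URL no longer agree.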

@worp1900

worp1900 commented Mar 14, 2018

Not that I can see. This should be the right setting?
cookie_domain_settings

@worp1900

worp1900 commented Mar 14, 2018

Looks like I am having troubles with the Google+ SSO as well. The only thing I was able to get to work was Facebook. But I am aware that this is for a different repository.

What's the best way to debug these things?


@donho

donho commented Sep 18, 2019

Same here.
All 3 of my browsers have this infinite loop for the Session Mismatch message.
And even if I clear my browser's cookies and cache, and close and reopen the browsers, once I try to go to my NodeBB, the infinite loop comes back.

@RoiEXLab How did you manage to remove it?

@RoiEXLab
Author

@donho I don't know anymore. If I recall correctly, I tried logging in with my email directly (without SSO), which seemed to break the loop.
I don't know for sure though; it could be the case that this only happens when first trying to set up SSO, and once you get into a certain state this no longer occurs.

@donho

donho commented Sep 18, 2019

> When I click "ok", the page is reloaded and the same message appears again. This would go on infinitely, unless you remove this overlay window in the HTML code and click logout.

I did figure it out from your description. Thank you @RoiEXLab

@glassdimly

I got the infinite loop problem when I cancelled my registration from the TOS page while testing the user login process. Problem is that I needed to log in to reset the session. Logging out didn't help. Given that I was pretending to be a new user who'd cancelled logout, this would be a problem--I wouldn't have a login to reset the session.
