So trying to create the OIDC OP iFrame and verify a session is still valid but always getting changed.
After a lot of debugging, I found that the server side code is using a value of undefined for the state at sessionState.js line 13.
This results in the hashed values on the client and server being different.
From my test:
Server side value hashed: 7721fcd4-53fb-4fa5-abd7-8adc284dc6ac https://oidctest.example.com:8443 d1e00ab13b365b833193f5ca330d6b79
Client side value hashed: 7721fcd4-53fb-4fa5-abd7-8adc284dc6ac https://oidctest.example.com:8443 e7b3b9fc97a0c4a3e92c1f5d98b897935447b6959607374ef5384d60f689f5b92d9709201bbbc84ad52aa834935348a5bc82d626133421514e399a33327f15dde03754dfbe5624cce0ef59b68a8606dd0f4f3744049bbb031ea0bee032a2a177a51bb8ee97a0b846a70b27d76bfa1a68b372018239df0683d1c70825609d8bd6621411d2e311084356168dfe0324c598bac8aa07e497ecdae3a084b32a09053dfeb039f82a1948852823044c4331a710bf5e2296b0142f56ae6ed7cfc8e1eb24dfe20b60ccc7fb7a0b75d6d03f35c0a040958ec3354bfab6aa4a8c012fe9b0bd24cc3c28e8ac9b675d8fc36d965ba82d5d442fd263757cf9d018b94a7a413fdf d1e00ab13b365b833193f5ca330d6b79
To reproduce this, add console logging of `value` in sessionState.js at line 13 and add console logging of `input` at line 109 of session.js. And then restart Connect, sacrifice a small wooden badger to the web browser gods and pray you can get your browser to reload session.js.
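An added example (not code from the post above or from the project): a session_state calculation that refuses an undefined component instead of hashing without it, plus the check that reports `changed`. It assumes SHA-256 and the space-separated `client_id origin state salt` input seen in the logged values; the function names and the `STATE` value are hypothetical.

```javascript
const nodeCrypto = require('crypto');

// Values logged in the report above; STATE is a constructed stand-in.
const CLIENT_ID = '7721fcd4-53fb-4fa5-abd7-8adc284dc6ac';
const ORIGIN = 'https://oidctest.example.com:8443';
const SALT = 'd1e00ab13b365b833193f5ca330d6b79';
const STATE = 'constructed-browser-state';

// Order of the components in the logged strings: client_id origin state salt.
const FIELDS = ['clientId', 'origin', 'state', 'salt'];

// Array.prototype.join renders undefined as '', so a missing state vanishes
// from the hash input without any error.
function looseInput(parts) {
  return FIELDS.map((name) => parts[name]).join(' ');
}

// Strict variant: every component must be a non-empty string.
function strictInput(parts) {
  for (const name of FIELDS) {
    if (typeof parts[name] !== 'string' || parts[name] === '') {
      throw new TypeError(`session_state component "${name}" is missing`);
    }
  }
  return looseInput(parts);
}

// Assumed format: hex(SHA-256(input)) + '.' + salt.
function sessionState(parts) {
  const digest = nodeCrypto.createHash('sha256').update(strictInput(parts)).digest('hex');
  return `${digest}.${parts.salt}`;
}

// Recompute from the current browser state and report the result the way an
// OP iframe does: 'unchanged', 'changed', or 'error' for unusable input.
function checkSession(received, clientId, origin, state) {
  try {
    const salt = String(received).split('.')[1];
    const expected = sessionState({ clientId, origin, state, salt });
    return expected === received ? 'unchanged' : 'changed';
  } catch (err) {
    return 'error';
  }
}
```

With the strict variant, an undefined state on either side surfaces as a thrown error (or `error` from the check) rather than as a permanent `changed`.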