aspnet / Identity

[Archived] ASP.NET Core Identity is the membership system for building ASP.NET Core web applications, including membership, login, and user data. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0

Social auth in infinite loop with cookie consent #2011

Closed natelaff closed 5 years ago

natelaff commented 5 years ago

I have a 2.1 app that isn't too far outside the standard identity code.

I configure my cookie like so:

        services.ConfigureApplicationCookie(options =>
        {
            options.AccessDeniedPath = "/Account/AccessDenied";
            options.Cookie.Name = "sitenameishere";
            options.Cookie.HttpOnly = true;
            options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
            options.LoginPath = "/Account/Login";
            options.LogoutPath = "/Account/Logout";
            options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
            options.SlidingExpiration = true;
        });

On my iPhone (I can't reproduce this on PC), after I have logged in with Facebook and it logs me out after some expiration time, when I try to log on again I get stuck in a loop with the cookie consent banner popping up. So that banner will pop up, I accept, log on with Facebook again, then it just takes me right back there. If I clear cookies from the mobile browser (be it Safari, Edge or Chrome), it will work and let me log on... but eventually it starts the same thing again.

natelaff commented 5 years ago

Any guidance on what might be happening here? I can only reproduce on my iPhone. Cookies are enabled there, nothing out of the ordinary.

blowdart commented 5 years ago

Dupe of https://github.com/aspnet/Announcements/issues/318