julianlam / nodebb-plugin-session-sharing

Allows login sessions from your app to persist in NodeBB
MIT License

Error too many redirects when cookie is present #136

Open arkabase opened 4 months ago

arkabase commented 4 months ago

I want to use the plugin to auth users from a WordPress site. The cookie is created on the WordPress side, and I can see it in my domain cookies in the browser dev console. The cookie payload is valid JSON with at least id and username data, encoded as a JWT signed with the same secret as the one set in the plugin.

After the cookie is created, I can no longer access NodeBB; I get an HTTP error: ERR_TOO_MANY_REDIRECTS. If I delete the cookie, the app loads as usual.

I can't figure out where the issue is. Can you help me with this? Thanks

julianlam commented 4 months ago

Can you tell me where you're being redirected to? Check the dev console of your browser

arkabase commented 4 months ago

I'm redirected to the root of the forum, again and again. I've tried to query another page: it redirects to the login page, then loops on this one.

EDIT: I changed the Session Handling config from Trust to Revalidate and it works fine now with the admin account, but when authenticating with a normal user NodeBB doesn't even load and I get a gateway timeout. FYI NodeBB is behind an Nginx reverse proxy.

niklasdahlheimer commented 2 months ago

Same here for React Native WebView browser. I opened a thread in the NodeBB community forum.

@arkabase, are you also using React Native WebView, or in which browser is the redirection happening?

For me it's working on Chrome Desktop etc. but not in the React Native WebView. I enabled HTTP logging in NodeBB and indeed there seems to be a redirection loop:

37.201.xxx.xx - - [06/May/2024:06:35:08 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
37.201.xxx.xx - - [06/May/2024:06:35:08 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
37.201.xxx.xx - - [06/May/2024:06:35:08 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
37.201.xxx.xx - - [06/May/2024:06:35:08 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
[...10 more lines...]
37.201.xxx.xx - - [06/May/2024:06:35:09 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"

A working request on Chrome looks like this:

37.201.xxx.xx - - [06/May/2024:06:38:16 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
37.201.xxx.xx - - [06/May/2024:06:38:16 +0000] "GET / HTTP/1.1" 200 73109 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
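
Added example, not part of the thread or of the plugin's code: a small Node.js check that flags the redirect loop pattern visible in the access log above (many consecutive 3xx responses to the same client, path and user agent) while ignoring the single 302 followed by 200 seen in the working Chrome request. It assumes log lines shaped like the ones quoted in the thread; the function names, thresholds, IP address and user-agent strings are constructed for illustration.

```javascript
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/;
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5, Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// "06/May/2024:06:35:08 +0000" -> epoch seconds (UTC), or null if malformed.
function parseTime(stamp) {
  const m = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/.exec(stamp);
  if (!m || !(m[2] in MONTHS)) return null;
  const local = Date.UTC(+m[3], MONTHS[m[2]], +m[1], +m[4], +m[5], +m[6]) / 1000;
  const offset = (m[7] === '-' ? -1 : 1) * (+m[8] * 3600 + +m[9] * 60);
  return local - offset;
}

// Report every run of >= minRun consecutive 3xx responses for one
// client + method + path + user agent, with gaps of at most windowSec.
function findRedirectLoops(lines, { minRun = 5, windowSec = 10 } = {}) {
  const runs = new Map(); // key -> { count, first, last }
  const loops = [];
  const flush = (key) => {
    const run = runs.get(key);
    if (run && run.count >= minRun) loops.push({ key, ...run });
    runs.delete(key);
  };
  for (const line of lines) {
    const m = LINE_RE.exec(line.trim());
    if (!m) continue; // skip lines that are not in the expected format
    const [, client, stamp, method, path, status, agent] = m;
    const t = parseTime(stamp);
    if (t === null) continue;
    const key = `${client} ${method} ${path} ${agent}`;
    const isRedirect = status[0] === '3';
    const run = runs.get(key);
    if (isRedirect && run && t - run.last <= windowSec) {
      run.count += 1;
      run.last = t;
    } else {
      flush(key); // a non-redirect or a long gap ends the current run
      if (isRedirect) runs.set(key, { count: 1, first: t, last: t });
    }
  }
  for (const key of [...runs.keys()]) flush(key);
  return loops;
}

// Constructed sample (not the thread's log): six looping 302s, then a normal 302 -> 200.
const WEBVIEW = Array.from({ length: 6 }, (_, i) =>
  `203.0.113.7 - - [06/May/2024:06:35:0${i} +0000] "GET / HTTP/1.1" 302 46 "-" "ExampleWebView/1.0"`);
const DESKTOP = [
  '203.0.113.7 - - [06/May/2024:06:38:16 +0000] "GET / HTTP/1.1" 302 46 "-" "ExampleDesktop/1.0"',
  '203.0.113.7 - - [06/May/2024:06:38:16 +0000] "GET / HTTP/1.1" 200 73109 "-" "ExampleDesktop/1.0"',
];
console.log(findRedirectLoops([...WEBVIEW, ...DESKTOP]));
```

Because the key includes the user agent, a loop that affects only one client type (as reported here for the WebView) is reported separately from healthy traffic from the same address.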