kamax-matrix / mxisd

Federated Matrix Identity Server
GNU Affero General Public License v3.0

No valid session was found matching that sid and client secret #141

Closed dev4223 closed 5 years ago

dev4223 commented 5 years ago

I have a matrix synapse and mxisd installation on debian stretch working. The only thing is that I can't validate any email address. The email is sent, but after clicking on the link I get the backend page with this message:

{"errcode":"M_NO_VALID_SESSION","error":"No valid session was found matching that sid and client secret","success":false}

This is the log output from mxisd:

Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.session.SessionManager - Server 127.0.0.1 is asking to create session for io.kamax.matrix.ThreePid@3e5a164e (Attempt #1) - Next link: null
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.session.SessionManager - No existing session for io.kamax.matrix.ThreePid@3e5a164e
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.session.SessionManager - Generated new session 1551910946043 to validate io.kamax.matrix.ThreePid@3e5a164e from server 127.0.0.1
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.session.SessionManager - Stored session 1551910946043
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.session.SessionManager - Session 1551910946043 for io.kamax.matrix.ThreePid@3e5a164e: sending validation notification
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.threepid.generator.GenericTemplateNotificationGenerator - Generating notification content for 3PID Session validation
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.threepid.connector.email.EmailSmtpConnector - Sending invite to my@email.net via SMTP using v078727.kasserver.com:587
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.threepid.connector.email.EmailSmtpConnector - Connecting to mx.emailserver.com:587
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.threepid.connector.email.EmailSmtpConnector - Using SMTP authentication
Mar 06 23:22:26 debian-server mxisd[20704]: [XNIO-1 task-3] INFO io.kamax.mxisd.threepid.connector.email.EmailSmtpConnector - Invite to my@email.net was sent
Mar 06 23:22:44 debian-server mxisd[20704]: [XNIO-1 task-4] INFO io.kamax.mxisd.http.undertow.handler.identity.v1.SessionValidateHandler - Validating session null for medium email
Mar 06 23:22:44 debian-server mxisd[20704]: [XNIO-1 task-4] INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request GET http://my.matrixserver.de/_matrix/identity/api/v1/validate/email/submitToken - Error M_NO_VALID_SESSION: No valid session was found matching that sid and client secret

Do you have any ideas about this error message?

maxidorius commented 5 years ago

I've fixed the log so it shows as a code block, easier to read!

Could you give us the following info:

dev4223 commented 5 years ago

I've installed the latest matrix synapse package for debian stretch yesterday: Package: matrix-synapse-py3 Version: 0.99.2+stretch1

and installed the latest stable mxisd package for debian today: mxisd_1.3.1_all.deb

maxidorius commented 5 years ago

Could you please provide the link here, changing your domain if needed, but putting the rest of the URL verbatim? I would like to make sure the info in the email sent is right first. If you would rather not post it publicly, you can send it to me via email (see my github profile) or on Matrix (@max:kamax.io)

maxidorius commented 5 years ago

Thanks for sending it - I can confirm it looks good. I'll investigate for a regression and let you know ASAP, but will update this in a few days either way.

dev4223 commented 5 years ago

Thanks, that's good news and I'll wait. Could it be that the BasicHttpHandler sends its request per GET to http://my.matrixserver.de/_matrix/identity/api/v1/validate/email/submitToken (via HTTP) but the web server has a redirect directive and so sends this request to HTTPS, and this is another, new session?

maxidorius commented 5 years ago

Everything is HTTPS by default in mxisd. It would only be HTTP if you changed the config, in which case your setup is not supported.

dev4223 commented 5 years ago

Mh, but the "GET http://my.server...." is in the logs of mxisd. So something requests via HTTP. Or do I oversee something?

maxidorius commented 5 years ago

The reverse proxy is doing the HTTPS, not mxisd. mxisd would see everything at HTTP. It's not of concern here and has nothing to do with your issue - the log is totally expected.

The potential problem is a variable not being initialized properly potentially, as seen by

Validating session null for medium email

dev4223 commented 5 years ago

Ah, ok. Thank you for explaining.

dev4223 commented 5 years ago

@pexus in #142 brought me to the idea: My apache config was

ProxyPreserveHost On
ProxyPass /_matrix/identity http://127.0.0.1:8090/_matrix/identity
ProxyPassReverse /_matrix/identity http://127.0.0.1:8090/_matrix/identity
<Location /_matrix>
  ProxyPass http://127.0.0.1:8008/_matrix nocanon
  ProxyPassReverse http://127.0.0.1:8008/_matrix
</Location>

Now I have changed it to

ProxyPreserveHost On
ProxyPass /_matrix/identity http://127.0.0.1:8090/_matrix/identity
ProxyPassReverse /_matrix/identity http://127.0.0.1:8090/_matrix/identity
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix

This solved the problem. This Location-syntax for synapse comes from here: https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst. And after the description here, https://httpd.apache.org/docs/2.4/mod/core.html#location, it seems not a good idea to do so.
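Added example, not part of the thread and not mxisd or Synapse code: a small linter for the overlap the final comment removed, run over the two configurations quoted above. The function names and the two heuristics (a `<Location>`-scoped `ProxyPass` covering a path that has its own `ProxyPass`, and a shorter top-level prefix listed before a longer one) are assumptions of this example.

```python
import re

# Constructed from the two Apache configurations quoted in the thread.
BEFORE = """\
ProxyPreserveHost On
ProxyPass /_matrix/identity http://127.0.0.1:8090/_matrix/identity
ProxyPassReverse /_matrix/identity http://127.0.0.1:8090/_matrix/identity
<Location /_matrix>
  ProxyPass http://127.0.0.1:8008/_matrix nocanon
  ProxyPassReverse http://127.0.0.1:8008/_matrix
</Location>
"""
AFTER = """\
ProxyPreserveHost On
ProxyPass /_matrix/identity http://127.0.0.1:8090/_matrix/identity
ProxyPassReverse /_matrix/identity http://127.0.0.1:8090/_matrix/identity
ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
"""

def proxy_rules(conf):
    """Return (path, scope) for every ProxyPass directive, in file order."""
    rules, location = [], None
    for raw in conf.splitlines():
        parts = raw.split()
        opened = re.match(r"\s*<Location\s+([^>\s]+)\s*>", raw, re.I)
        if opened:
            location = opened.group(1)
        elif re.match(r"\s*</Location\s*>", raw, re.I):
            location = None
        elif parts and parts[0].lower() == "proxypass":
            if location is not None:   # inside <Location> the path argument is omitted
                rules.append((location, "location"))
            elif len(parts) >= 3:
                rules.append((parts[1], "server"))
    return rules

def lint(conf):
    """Flag ProxyPass rules whose path is a prefix of another rule's path."""
    rules, findings = proxy_rules(conf), []
    for i, (path, scope) in enumerate(rules):
        for j, (other, other_scope) in enumerate(rules):
            if not other.startswith(path.rstrip("/") + "/"):
                continue
            if scope == "location" and other_scope == "server":
                findings.append(f"<Location {path}> ProxyPass overlaps ProxyPass {other}")
            # Top-level ProxyPass rules are checked in file order; the first match wins.
            elif scope == other_scope == "server" and i < j:
                findings.append(f"ProxyPass {path} shadows later ProxyPass {other}")
    return findings
```

`lint(BEFORE)` reports the `<Location /_matrix>` overlap with `/_matrix/identity`, and `lint(AFTER)` returns an empty list because the more specific identity path is listed first.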