Open tristanweir opened 7 years ago
The state is regenerated when navigating back and ends up not matching when returning to the RP, which detects this as a CSRF failure and logs you out (it no longer takes you to "something went wrong").
@gdestuynder When I tested this just now I did get the Auth0 something went wrong page. I ended up on this URL
saying
There could be a misconfiguration in the system or a service outage.
How would one fix this issue?
The error message now reads:
You probably pressed the back button or there is some issue with cookies, since we couldn't find your session. Try logging in again from the application and if the problem persist contact the administrator.
I feel like the occurrence of this user action is small enough that this error message should be sufficient.
Kang, I assume you wrote the error message. Can you update the text to the following (corrects typo and makes instructions more clear)?
You probably pressed the Back button or there was some issue with cookies, since we couldn't find your session. Try signing in again from the site. If the problem persists, please contact the site administrator.
Steps to reproduce
Instead of taking you to the success page, it takes you to a generic Mozilla Something Went Wrong page.
I think it might be the callback URL gets messed up by navigating through 2 social logins.
Confirmed in FF 49 and Chrome