psignoret / aad-sso-wordpress

Single Sign-on with Azure Active Directory (for WordPress)

Error when signing in - "Session does not contain antiforgery ID." #200 #246

Open stefanie-sidekick opened 2 years ago

stefanie-sidekick commented 2 years ago

I'm experiencing this problem after transferring the website to a new host. I already deleted my app registration in Azure Active Directory and created a new one, but no success.

stefanie-sidekick commented 2 years ago

I also have the following warning in my console log:

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&scope=openid&domain_hint=&client_id=f024538c-7fcf-4a7c-89d2-256cdf49a1f2&resource=https%3A%2F%2Fgraph.microsoft.com&redirect_uri=https%3A%2F%2Fhomeoffice.xploregroup.be%2Fwp-login.php&state=%7BEA2213AF-53EB-341F-4295-EDB616D3EEB7%7D&nonce=%7BEA2213AF-53EB-341F-4295-EDB616D3EEB7%7D with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

psignoret commented 2 years ago

@stefanie-sidekick Can you share the details about how your site is deployed (most importantly, the list of plugins you have enabled)?

stefanie-sidekick commented 2 years ago

Hi Philippe,

I already fixed it by setting up an older backup. I think something breaks with the new WordPress core update.

Greetings, Stefanie Smet

psignoret commented 2 years ago

Thanks for the follow-up. I will take a look ASAP with the latest WordPress and let you know.

psignoret commented 2 years ago

@stefanie-sidekick I've tested on all the recent versions of WordPress and haven't been able to reproduce the issue you described. If you have any additional details I could use to try to reproduce the problem, that would be awesome. Thanks!

stefanie-sidekick commented 2 years ago

Hi Philippe,

I now have the same problem with a new website. If you go to https://demo.sidekick.be/cronos-public-services/samen-werken/ you can click on login and that will redirect to the Azure AD login. After I logged in with my cronos account, I get redirected to /wp-login.php with the same error: "Session does not contain antiforgery ID."

What am I doing wrong?

psignoret commented 2 years ago

@stefanie-sidekick I'm still unable to reproduce the issue, and I can't access the URL you shared. Can you please contact me at philippe.signoret@outlook.com so we can troubleshoot further?

admin-eschaeffer58 commented 1 year ago

Check your session configuration on your PHP server. Found that mine was a result of an invalid session_save path.
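
The check suggested in the last comment, as an added example that is not part of the thread or of the plugin: a standalone PHP script that inspects the session save path and confirms a value written to the session can be read back. It assumes the `files` session handler and that the antiforgery value lives in the PHP session, as the error message implies; the function names and the `probe` key are made up for illustration.

```php
<?php
// Added diagnostic, not part of the aad-sso-wordpress plugin.

// session.save_path may be "/path", "N;/path" or "N;MODE;/path"; return the directory part.
function session_dir(string $savePath): string {
    $parts = explode(';', $savePath);
    $dir = trim(end($parts));
    return $dir !== '' ? $dir : sys_get_temp_dir(); // empty setting falls back to the temp dir
}

// List problems with a file-based session store; an empty array means none were found.
function check_session_store(string $handler, string $savePath): array {
    if ($handler !== 'files') {
        return ["handler is '$handler'; only the 'files' handler is checked here"];
    }
    $dir = session_dir($savePath);
    if (!is_dir($dir)) {
        return ["save path '$dir' does not exist"];
    }
    if (!is_writable($dir)) {
        return ["save path '$dir' is not writable by the PHP user"];
    }
    return [];
}

// Store a value, close the session, reopen it and confirm the value survived.
function session_round_trip(): bool {
    $token = bin2hex(random_bytes(16));
    if (!@session_start()) {
        return false;               // the store could not be opened at all
    }
    $_SESSION['probe'] = $token;    // constructed key standing in for the antiforgery value
    $id = session_id();
    session_write_close();
    $_SESSION = [];                 // drop the in-memory copy so only stored data can match
    session_id($id);
    if (!@session_start()) {
        return false;
    }
    $ok = isset($_SESSION['probe']) && hash_equals($token, $_SESSION['probe']);
    session_destroy();
    return $ok;
}

$roundTrip = session_round_trip();  // runs before any output so headers can still be sent
$problems = check_session_store(ini_get('session.save_handler'), ini_get('session.save_path'));
foreach ($problems as $p) { echo "PROBLEM: $p\n"; }
echo $roundTrip ? "session round trip OK\n" : "PROBLEM: session data was not persisted\n";
```

Run it through the web server (or the same PHP-FPM pool) that serves WordPress, since the CLI often uses a different php.ini and a different user.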