Session value state missing

[xen]

I'm getting weird AuthStateMissing: Session value state missing. error with every backend using Flask. When I sent pull request last time everything was working, probably something were updated in my environment and I'm getting this error now. I have no ideas why it is not working, already spent some time, but it can be possible something very obvious.

Step to reproduce:

1. Fresh clone
2. Initiate virtualenv inside python-social-auth/examples/flask_example folder
3. Install all required packages.
4. Define several SOCIAL_AUTH_* backend keys inside settings.py.
5. Run (venv)$ python manage.py runserver
6. Login via any Auth backend with working SECRET/KEYS
7. I'm getting this traceback after target backend redirect:

127.0.0.1 - - [20/Jan/2014 05:42:03] "GET /complete/github/?code=b83e7c35d6dd2746029c&redirect_state=xZYhrm2WpRlVSLarEneuP0EYAGXmBWfq&state=xZYhrm2WpRlVSLarEneuP0EYAGXmBWfq HTTP/1.1" 500 -
Traceback (most recent call last):
  File "/Users/xen/Dev/test/python-social-auth/examples/flask_example/venv/lib/python2.7/site-packages/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/Users/xen/Dev/test/python-social-auth/examples/flask_example/venv/lib/python2.7/site-packages/flask/app.py", line 1820, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/Users/xen/Dev/test/python-social-auth/examples/flask_example/venv/lib/python2.7/site-packages/flask/app.py", line 1403, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/xen/Dev/test/python-social-auth/examples/flask_example/venv/lib/python2.7/site-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/xen/Dev/test/python-social-auth/examples/flask_example/venv/lib/python2.7/site-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/xen/Dev/test/python-social-auth/examples/flask_example/venv/lib/python2.7/site-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/xen/Dev/test/python-social-auth/examples/flask_example/venv/lib/python2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/xen/Dev/test/python-social-auth/examples/flask_example/venv/lib/python2.7/site-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/Users/xen/Dev/test/python-social-auth/social/apps/flask_app/utils.py", line 37, in wrapper
    return func(backend, *args, **kwargs)
  File "/Users/xen/Dev/test/python-social-auth/social/apps/flask_app/routes.py", line 23, in complete
    *args, **kwargs)
  File "/Users/xen/Dev/test/python-social-auth/social/actions.py", line 44, in do_complete
    *args, **kwargs)
  File "/Users/xen/Dev/test/python-social-auth/social/strategies/base.py", line 67, in complete
    return self.backend.auth_complete(*args, **kwargs)
  File "/Users/xen/Dev/test/python-social-auth/social/backends/oauth.py", line 335, in auth_complete
    data=self.auth_complete_params(self.validate_state()),
  File "/Users/xen/Dev/test/python-social-auth/social/backends/oauth.py", line 297, in validate_state
    raise AuthStateMissing(self, 'state')
AuthStateMissing: Session value state missing.

Packages versions list (pip freeze):

Flask==0.10.1
Flask-Login==0.2.9
Flask-SQLAlchemy==1.0
Flask-Script==0.6.6
Jinja2==2.7.2
MarkupSafe==0.18
SQLAlchemy==0.9.1
Werkzeug==0.9.4
itsdangerous==0.23
oauthlib==0.6.0
pysqlite==2.6.3
python-openid==2.2.5
-e git+https://github.com/omab/python-social-auth@ea8a42a9fcfe4e6de41c009272aae19879db8a97#egg=python_social_auth-master
requests==2.2.0
requests-oauthlib==0.4.0
six==1.5.2
wsgiref==0.1.2

[omab]

Couldn't reproduce following your steps, you have cookies enabled?

[xen]

This is what I have in my Chrome settings:

Developer tools screenshot:

Any ideas?

[xen]

I checked does incoming request have cookies. And it is:

>>> req.cookies
werkzeug.datastructures.ImmutableTypeConversionDict({'psa_session': u'eyJnaXRodWJfc3RhdGUiOnsiIGIiOiJVamRVV0hSR1JWSm9WakJXVFRCbU9URnBiV3MzYm01UVZIQnFabWxPVTFZPSJ9fQ.Bb9TmA.B1cY1ozga4HGD7Y2RaJgCt19DII'  })

[omab]

And what about the session values in that session?

[omab]

@xen, did you managed to fix this? I got into the same issue some hours ago and found that the problem was by a wrong secret key, once I've updated it, it started to work.

[a1exs]

I had same problem in flask_example with google-oauth2. Tried from 0.1.19 to latest commit, only after removing SESSION_PROTECTION = 'strong' from settings.py - problem gone.

[omab]

@a1exs, I recall removing that setting too, maybe that did the trick, if that's the case this issue seems relevant maxcountryman/flask-login#137

[a1exs]

Yes, after update Flask-Login from 0.2.9 to latest commit works fine with SESSION_PROTECTION = 'strong'. Thanks!

[omab]

Awesome, @xen, could you check if that works for you?

[xen]

Great, I'll check now. Sorry for my silence.

[xen]

I've checked. Looks like it working with or without SESSION_PROTECTION. Thank you very much for your support. I think that this ticket can be closed, but it is your repository.

[omab]

Thanks! Closing...