Occasional SessionStateMissing exception on Linkedin

[merutak]

I'm getting this whenever the user hits /complete/linkedin-oauth2/ twice. I'm guessing - not sure - that what happens is this:

• The user clicks the 'accept' button twice by mistake (or maybe because of a bug with the provider's front end).
• The first 'complete' pops the session state and tries to continue with the pipeline. It fails because the provider revoked the token, because of the second request.
• The second 'complete' doesn't find the state so fails.

If this is indeed the issue, maybe we can somehow avoid popping the session state; rather leaving it as is for the next request.

(I posted this as a comment on #220 but the original issue there was different, so I figured it's better as a separate issue).

[ddehghan]

I also have the same missing session state problem but mine is with google auth. I tried to reproduce this with google oauth and it didn't. So at least with google auth it seems that you can't double click:

here is in order how values get set and poped in session for me:

pop partial_pipeline
value: None
pop partial_pipeline
value: None
get google-oauth2_state
value: None
set google-oauth2_state
value: nlAPKf8OVsZ9Uqw7ePbuwbCD45faPM

127.0.0.1 - - [20/Nov/2015 13:03:59] "GET /login/google-oauth2/? HTTP/1.1" 302 -
get partial_pipeline
value: None
get google-oauth2_state
value: nlAPKf8OVsZ9Uqw7ePbuwbCD45faPM
pop partial_pipeline
value: None
get next

set social_auth_last_login_backend
value: google-oauth2

[omab]

Fixed by python-social-auth/social-core@4d2903c.