Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Irrecoverable state when "securecookie" fails. #97

Closed
aeneasr opened this issue Oct 24, 2019 · 0 comments · Fixed by #101
Closed

Irrecoverable state when "securecookie" fails. #97

aeneasr opened this issue Oct 24, 2019 · 0 comments · Fixed by #101
Assignees
@aeneasr
Labels
bug Something is not working.
Milestone
v0.1.0-alpha.1

Comments

@aeneasr
Copy link
Member

aeneasr commented Oct 24, 2019

Describe the bug

When calling /public/auth/browser/login:

{"error":{"code":401,"status":"Unauthorized","request":"5d3db5ec8f60bec323fe7dd8e25c3279","reason":"No active session was found in this request.","debug":"securecookie: the value is not valid","message":"The request could not be authorized"}}

Reproducing the bug

Steps to reproduce the behavior:

Server logs

 {"code":401,"debug":"securecookie: the value is not valid","details":{},"error":"The request could not be authorized","level":"error","msg":"An error occurred while handling a request","reason":"No active session was found in this request.","request-id":"5d3db5ec8f60bec323fe7dd8e25c3279","status":401,"time":"2019-10-24T16:53:59Z","trace":"Stack trace: \ngithub.com/ory/hive/session.(*ManagerHTTP).FetchFromRequest\n\t/go/src/github.com/ory/hive/session/manager.go:97\ngithub.com/ory/hive/session.(*Handler).IsNotAuthenticated.func1\n\t/go/src/github.com/ory/hive/session/handler.go:64\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/httprouter@v1.2.0/router.go:334\ngithub.com/justinas/nosurf.(*CSRFHandler).handleSuccess\n\t/go/pkg/mod/github.com/justinas/nosurf@v0.0.0-20190118163749-6453469bdcc9/handler.go:187\ngithub.com/justinas/nosurf.(*CSRFHandler).ServeHTTP\n\t/go/pkg/mod/github.com/justinas/nosurf@v0.0.0-20190118163749-6453469bdcc9/handler.go:144\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/reqlog.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.76/reqlog/middleware.go:140\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.76/metricsx/middleware.go:261\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:96\ngithub.com/gorilla/context.ClearHandler.func1\n\t/go/pkg/mod/github.com/gorilla/context@v1.1.1/context.go:141\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2802\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1890\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1357","writer":"JSON"}

Expected behavior

If the cookie can not be decoded (secret change maybe?) simply reset it.

Environment

  • Version: master
@aeneasr aeneasr added the bug Something is not working. label Oct 24, 2019
@aeneasr aeneasr added this to the v0.0.1 milestone Oct 24, 2019
@aeneasr aeneasr self-assigned this Oct 24, 2019
aeneasr added a commit that referenced this issue Nov 4, 2019
@aeneasr
session: Handle securecookie errors appropriately
d0e6c5b 
Previously, IsNotAuthenticated would not handle securecookie errors appropriately.
This has been resolved.

Closes #97
@aeneasr aeneasr mentioned this issue Nov 4, 2019
Merged
aeneasr added a commit that referenced this issue Nov 4, 2019
@aeneasr
session: Handle securecookie errors appropriately (#101)
cbd3671 
Previously, IsNotAuthenticated would not handle securecookie errors appropriately.
This has been resolved.

Closes #97
aeneasr added a commit that referenced this issue Nov 4, 2019
@aeneasr
session: Handle securecookie errors appropriately (#101)
75bf6fe 
Previously, IsNotAuthenticated would not handle securecookie errors appropriately.
This has been resolved.

Closes #97
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aeneasr aeneasr

Labels
bug Something is not working.
Projects
None yet
Milestone
v0.1.0-alpha.1
Development

Successfully merging a pull request may close this issue.

session: Handle securecookie errors appropriately ory/kratos
1 participant
@aeneasr