I got this issue in my production app, where users are keeping an authorized page open in Chrome, shutting down their computer, and returning to Chrome again after their session has expired. I have debugged it using puppeteer to view the network tab on initial page load, and it seems that even though the user was on my domain, they immediately start on the auth0 server on one of the endpoint routes there, rather than starting in my application.
I have reproduced it with the example-app from this repository.
Reproduction
Install the example-app and set up the authentication variables required.
In lib/auth0, update the pageRouterAuth by adding a short session duration, and disable rolling - just for easily showing the error.
Open Google Chrome, and in a new tab visit localhost:3000.
In Chrome, Settings, "On startup" select: "Continue where you left off"
Click into the "Page router" and the "Profile (SSR)" link, and sign in.
Close the Chrome browser.
Wait for more than 20 seconds (the absolute duration of the session) and reopen the browser
Witness how you just get a CallbackHandlerError: Callback handler failed. CAUSE: Missing state cookie from login request (check login URL, callback URL and cookie config)
I am running this in a puppeteer-driven Chrome version, and see in the network tab that even though I am supposed to immediately return to the localhost:3000/page-router/profile-ssr route, I am rather taken on this redirect journey:
So the way I see it, there's little wonder that the state cookie is missing, because how would it have been set if we have never visited my domain first?
Additional context
In my production app I have added error handling in the callback function, to catch these errors and redirect back where I wanted to go originally. But this behavior is a hindrance for a good user experience, in this somewhat edgy case.
nextjs-auth0 version
3.5.0
Next.js version
14.2.3 (and 13.3.0 in my prod app)
Node.js version
18.20.2 (18.12.0 in my prod app)
Do you have a recommended way to handle this situation? I have no idea why the browser would choose to return to auth0 servers, but I'm guessing the session has stored where it went to authenticate - or something like that? Do HTTP redirect codes matter for this?
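One way to write the callback error handling mentioned in the issue, as an added example that is not part of the thread or of nextjs-auth0's own code: it recovers only from the missing-state error quoted above, keeps the state check enforced, and stops after one retry so a persistent cookie problem cannot become a redirect loop. It assumes `handleCallback` is the SDK's callback handler passed in by the caller; `withCallbackRecovery`, `isMissingState`, `hasCookie`, the `auth_cb_retry` cookie and the landing path are hypothetical names.

```javascript
// Added example. withCallbackRecovery, isMissingState, hasCookie and RETRY_COOKIE
// are hypothetical names; handleCallback is the SDK callback handler, passed in.
const MISSING_STATE = 'Missing state cookie from login request'; // error text quoted in the issue
const RETRY_COOKIE = 'auth_cb_retry'; // hypothetical cookie name

function isMissingState(error) {
  // The issue shows the text under "CAUSE:", so check the error and its cause.
  const text = `${error?.message ?? ''} ${error?.cause?.message ?? ''}`;
  return text.includes(MISSING_STATE);
}

function hasCookie(req, name) {
  return (req.headers?.cookie ?? '')
    .split(';')
    .some((part) => part.trim().startsWith(`${name}=`));
}

function withCallbackRecovery(handleCallback, landingPath = '/') {
  return async function callback(req, res) {
    try {
      return await handleCallback(req, res);
    } catch (error) {
      // Anything other than the missing-state case is a real failure.
      if (!isMissingState(error)) throw error;
      // The state check stays enforced: the code/state values in this request
      // are discarded, never exchanged. Second failure within a minute: stop.
      if (hasCookie(req, RETRY_COOKIE)) {
        res.writeHead(400, { 'Content-Type': 'text/plain', 'Cache-Control': 'no-store' });
        return res.end('Login could not be completed. Check that cookies are enabled.');
      }
      // Redirect to a fixed same-origin path (not a value taken from the request),
      // where the protected page starts a fresh login with a new state cookie.
      res.writeHead(302, {
        Location: landingPath,
        'Set-Cookie': `${RETRY_COOKIE}=1; Max-Age=60; Path=/; HttpOnly; SameSite=Lax`,
        'Cache-Control': 'no-store',
      });
      return res.end();
    }
  };
}
```

The wrapper uses only `writeHead` and `end` from Node's `ServerResponse`, so it works with the response object a Next.js API route receives.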