nodebb-plugin-session-sharing Error too many redirects when cookie is present

I want to use the plugin to auth users from a wordpress site. The cookie is created on the wordpress side, and I can see it in my domain cookies in the browser dev console. The cookie payload is a valid JSON with at least id and username data, encoded as a JWT signed with the same secret as the one set in the plugin.

After the cookie is created, I can no longer access NodeBB, having a HTTP error : ERR_TOO_MANY_REDIRECTS If I delete the cookie the app is loading as usual.

I can't figure where the issue is. Can you help me with this ? Thanks

Mar 05 '24 23:03 arkabase

Can you tell me where you're being redirected to? Check the dev console of your browser

Mar 05 '24 23:03 julianlam

I'm redirected to the root of the forum, again and again. I've tried to query another page : it redirects to the login page, then loops on this one.

EDIT : I changed the Session Handling config from Trust to Revalidate and it works fine now with the admin account, but when authenticating with a normal user NodeBB doesn't even load and I have an gateway timeout. FYI NodeBB is behind a Nginx reverse proxy.

Mar 06 '24 07:03 arkabase

Same here for React Native WebView browser I opened a thread in the nodeBB community forum

@arkabase , are you also using react native WebView or in which browser is the redirection happening?

For me it's working on Chrome Desktop etc. but not in the React native WebView. I enabled http logging in nodeBB and indeed their seems to be a redirection loop:

37.201.xxx.xx - - [06/May/2024:06:35:08 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
37.201.xxx.xx - - [06/May/2024:06:35:08 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
37.201.xxx.xx - - [06/May/2024:06:35:08 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
37.201.xxx.xx - - [06/May/2024:06:35:08 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
[...10 more lines...]
37.201.xxx.xx - - [06/May/2024:06:35:09 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"

A working request on Chrome looks like this:

37.201.xxx.xx - - [06/May/2024:06:38:16 +0000] "GET / HTTP/1.1" 302 46 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
37.201.xxx.xx - - [06/May/2024:06:38:16 +0000] "GET / HTTP/1.1" 200 73109 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"

May 06 '24 06:05 niklasdahlheimer

any news on this? It's a blocking issue for us to use nodeBB

Aug 03 '24 21:08 niklasdahlheimer

@niklasdahlheimer Are you able to attach a debugger and see whether it is redirecting you to HTTPS? Could be http?

In which case perhaps config.json doesn't have https in the url?

Otherwise, a little weird that it works ok in Chrome.

Aug 04 '24 02:08 julianlam

sorry, can not debug this. Gonna use SSO instead.

Just for reference:

Cookies are a mess in react native web view: They are only applied on the first load. To reapply them, it's recommended to use "onShouldStartLoadWithRequest()", but this function is not called in Android on first load, so no chance to have persistent cookies.

Debugging a react native app in an iOS simulator (this is where the redirects happen) does not work for me.

see https://github.com/react-native-webview/react-native-webview/blob/master/docs/Guide.md#working-with-custom-headers-sessions-and-cookies

Aug 17 '24 18:08 niklasdahlheimer