You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I know, that's what the code says anyway.
Couple of questions: Why? :)
My Issue: since the key is session independent (by design) it is always generated by the last user, that is trying to log in. If the OAuth URL changes between users (which it does in my scenario) it is possible, that the key changes for a slow user (when another user tries to login before the first user is successfully logged in) and thus the state can't be validated.
Now, I know I can set the sessionKey to a fixed value, but I was wondering, why you are generating it from something, that can potentially change between users.
PS: All this insight was made possible by the PR #93 which finally explained all the different options! Thanks for that!
The text was updated successfully, but these errors were encountered:
I know, that's what the code says anyway.
Couple of questions: Why? :)
My Issue: since the key is session independent (by design) it is always generated by the last user, that is trying to log in. If the OAuth URL changes between users (which it does in my scenario) it is possible, that the key changes for a slow user (when another user tries to login before the first user is successfully logged in) and thus the state can't be validated.
Now, I know I can set the sessionKey to a fixed value, but I was wondering, why you are generating it from something, that can potentially change between users.
PS: All this insight was made possible by the PR #93 which finally explained all the different options! Thanks for that!
The text was updated successfully, but these errors were encountered: