Does not match state restored from session
MelnykVL opened this issue · 0 comments
Hi,
I have a problem with session state.
Installed rocks:
```
Rocks installed for Lua 5.1
---------------------------
lua-resty-http
   0.17.1-0 (installed) - /usr/local/openresty/luajit/lib/luarocks/rocks-5.1
lua-resty-jwt
   0.2.3-0 (installed) - /usr/local/openresty/luajit/lib/luarocks/rocks-5.1
lua-resty-openidc
   1.7.6-3 (installed) - /usr/local/openresty/luajit/lib/luarocks/rocks-5.1
lua-resty-openssl
   0.8.22-1 (installed) - /usr/local/openresty/luajit/lib/luarocks/rocks-5.1
lua-resty-session
   3.10-1 (installed) - /usr/local/openresty/luajit/lib/luarocks/rocks-5.1
```
Steps to reproduce:
- Open the app page (http://localhost); you will be redirected to the Keycloak login page. Duplicate the tab.
  - tab 1 - http://host.docker.internal:8888/auth/realms/myrealm/protocol/openid-connect/auth?redirect_uri=http%3A%2F%2Flocalhost%2Fredirect_uri&scope=openid%20email%20profile&state=93172aa3186bac0757a2da4533efcb29&nonce=11f28c0fec4ce010a2a3b69a61df71ce&client_id=openresty-proxy&response_type=code
  - tab 2 - http://host.docker.internal:8888/auth/realms/myrealm/protocol/openid-connect/auth?redirect_uri=http%3A%2F%2Flocalhost%2Fredirect_uri&scope=openid%20email%20profile&state=93172aa3186bac0757a2da4533efcb29&nonce=11f28c0fec4ce010a2a3b69a61df71ce&client_id=openresty-proxy&response_type=code
- Log in on the first tab; after the user is logged in, reload the second tab.
Actual result from second tab:
Logs from docker:
```
2023/05/17 11:02:06 [error] 1#1: *58 [lua] openidc.lua:1106: authenticate(): state from argument: 93172aa3186bac0757a2da4533efcb29 does not match state restored from session: nil, client: 172.19.0.1, server: localhost, request: "GET /redirect_uri?state=93172aa3186bac0757a2da4533efcb29&session_state=79a2ac8f-f56a-434b-aabc-22d3fa78458a&code=635d4b4f-e024-439a-accd-9b0027f390b4.79a2ac8f-f56a-434b-aabc-22d3fa78458a.49699e6d-791b-4bc9-8a68-c9bc7f29742c HTTP/1.1", host: "localhost"
```
Expected result:
Redirect to the app (http://localhost)
Can I change this behavior?
Thanks
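
Added example, not part of the original issue and not lua-resty-openidc's own code: a plain-Lua model of the state check behind the logged error, reproducing the two-tab sequence from the steps above. It assumes the state stored in the session is single-use and cleared once a callback succeeds; all function and field names are hypothetical.

```lua
-- Minimal model of the OIDC "state" check (plain Lua 5.1, no OpenResty needed).
-- Assumption: state is stored in the session when the login redirect is issued
-- and cleared after the first successful callback. Names are hypothetical.

local function new_session()
  return { data = {} }
end

-- Step 1: unauthenticated request -> remember state, build the login redirect.
local function start_login(session, state)
  session.data.state = state
  return "/auth?response_type=code&state=" .. state
end

-- Step 2: callback on the redirect URI. The state must be present and equal to
-- the one stored in the session; this binds the authorization response to the
-- browser session that started the flow (login CSRF protection).
local function handle_callback(session, args)
  if args.state == nil or args.state ~= session.data.state then
    return nil, "state from argument: " .. tostring(args.state) ..
      " does not match state restored from session: " ..
      tostring(session.data.state)
  end
  session.data.authenticated = true
  session.data.state = nil -- single use: a replayed callback must fail
  return true
end

-- Constructed scenario mirroring the report: both tabs share one session
-- cookie, so both login pages carry the same state value.
local session = new_session()
local state = "constructed-state-value"
start_login(session, state)

local ok1, err1 = handle_callback(session, { state = state, code = "code-tab-1" })
local ok2, err2 = handle_callback(session, { state = state, code = "code-tab-2" })

print("tab 1:", ok1, err1)
print("tab 2:", ok2, err2)
print("session still authenticated:", session.data.authenticated)
```

In this model the second tab's callback is rejected with the same message shape as the log line, while the session created by the first tab remains authenticated.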