You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At our production instance, the following error occurs frequently (approx. 2 times a day):
OIDC callback state not found in session oidc_states!
SuspiciousOperation at /oidc/callback/
OIDC callback state not found in session oidc_states!
There is an issue at the library we're using, where some possible workarounds are described: mozilla/mozilla-django-oidc#435
We should check whether this bug affects our users and, if it does, how to resolve the issue (workarounds described in the referenced issue, other library, etc).
In my experience, the error occurs especially when a user navigates back in their browser. Maybe, the OIDC callback is part of the history and users go back to the callback URL with some old, invalid state. However, I haven't investigated on this in detail, so there may be other causes as well.
The text was updated successfully, but these errors were encountered:
After some observation, it seems like the behavior is triggered especially when a users visits a tab that their browser has removed from RAM and thus reloads it
At our production instance, the following error occurs frequently (approx. 2 times a day):
There is an issue at the library we're using, where some possible workarounds are described: mozilla/mozilla-django-oidc#435
We should check whether this bug affects our users and, if it does, how to resolve the issue (workarounds described in the referenced issue, other library, etc).
In my experience, the error occurs especially when a user navigates back in their browser. Maybe, the OIDC callback is part of the history and users go back to the callback URL with some old, invalid state. However, I haven't investigated on this in detail, so there may be other causes as well.
The text was updated successfully, but these errors were encountered: