Reports of the key not working #313
Comments
|
We're going to need more info before being able to investigate the problem. username, time when it happened, STR's to the best of their knowledge, etc. |
|
Okay, so one of the people who emailed about this responded. He says his username is aaj. He says that when he first tried logging in, the key didn't work (claimed they were expired even though he was within the allotted time), and then it just stopped sending him keys altogether. I will continue to try and get more data from people who are having this problem, I'm still receiving new emails about it. |
|
@cadecairos is there -- I don't know -- some sort of pile of text that tells you information about what happened? Oh! Like a log? |
|
STR:
Expected: That it signs me and keeps me logged in |
|
I can log in fine with those STRs (tried five times in a row, three in FX, two in chrome) There must be a missing step |
|
@cadecairos so I went over this with @ScottDowne @alicoding and I was able to solve the problem by clearing my cookies. Maybe they can explain why it was an issue... Scott? Ali? |
|
I may be wrong, but this might an issue with CSRF. Could there be some way the csrfSecret stored in the cookie might not be valid with the csrf token in the page? |
|
Yeah, I have been asking myself how a csrf could have an issue. A csrf created in an older version maybe? The code that creates the cookie hasn't been changed since mid nov. So maybe we changed how we interact with it? I tried purposely breaking my csrf and while it did break, it broke in a way that wasn't what Lucy was seeing. |
|
This is a longshot, but perhaps there's an app out there using an older version of webmaker-auth? There could be an incompatibility with how it is generating session cookies vs another app. |
|
OR What if this is a product of the plain JS adapter not clearing the search parameters after logging in? for example, This shouldn't be a problem with any page using the angular adapter because I made sure it clears the url parameters after it grabs the uid and key values. I can see some kind of client-side loading error causing UI refresh issues after logging in (especially on non-angular webmaker-org pages, which might cause some users to refresh and/or try to click the link again. |
|
I spoke with @ScottDowne about the problems @Lucyeoh was seeing on the /me page of webmaker.org I think I understand why people think the login is failing on that page: the login link will trigger a "login" event, which will trigger the As for why Lucy was being automatically logged out, it could have been due to an old Cookie in her browser specifically, or a race case in how the browser was executing JS. |
|
/cc @simonwex |
|
@simonwex @cadecairos seeing as this might not get fixed immediately I'm wondering if we could consider adding a note to login that let's people know how to fix it. "Having problems with login? Try clearing cookies from your browser history and then try and login again. It will send you another key that you should be able to copy and paste into the login browser. Here is a simple guide for clearing your cookies. https://support.mozilla.org/en-US/kb/delete-browsing-search-download-history-firefox#w_how-do-i-clear-my-history" |
|
Other bug: #327 |
Hey!
Over the past week or so we've had a few issues about people having problems with the key. Things like "The login key is not working. I tried for five minutes, but I didn't get the email for the key. Now I can't get into my account."
No report of error messages so it might be user error but though I'd file it here just in case.
The text was updated successfully, but these errors were encountered: