Using ASP.NET MVC; sessions are stored in a SQL database (never had a problem with them, and didn't use a web farm). Also using the Twitterizer2 library. Using Firefox.
- First request, no browser instance is open. A browser instance is started.
- We have simple form "Publish on twitter" and submit button Share.
- When Share is clicked we store message in Session and redirect to Twitter's OAuth authentication (on POST submit).
- We authenticate OK and return to our Action and before posting to Twitter we check if message is stored in Session (and it isn't! - it is lost immediately after Twitter redirection)
- When we try to Share another message it is now working (Session).
- We solved it using a Cookie but we don't have a clue why we lost Session (first time) after returning from Twitter.
Any ideas?
I'd like to ask how you maintained the session without a cookie the first time?
I think the problem can be in the cookie set process. I also experienced a similar problem a couple of weeks ago.
The problem was that when I make the request for the REQUEST token, this request is an internal HTTP request (not via the user's browser). As a response to this request I get the REQUEST token and then set it in the user session.
```php
$token = getRequestToken();
$_SESSION['token'] = $token;
```
However, if the user just came to my site for the first time without a session, he does not have a session cookie to send me. Internally at the web site I have created a session for him and stored the token inside it, but then instead of sending him a response with cookie headers included, so that he "accepts" my session, I make a redirect to the provider's authorize endpoint. This way, the user does not get the session cookie, and when he is returned back, he is like a new user for my site.
This is the flow of the process that happened to me:
- create user session in the database
- setcookie(usersession) // add headers to the eventual response
- get request token
- set the token in the session
- redirect the user (user does not receive the session cookie)
- user goes to authorization point
- user returns, but he is a new user for me
I'd be interested to know if you had a similar problem :) Best regards
Check that the request and callback domains are the same,
i.e. you are making the request for OAuth from localhost and the callback goes to 127.0.0.1
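The host mismatch described in the last answer, as an added example that is not part of the original thread: a small JavaScript simulation of how a browser scopes a host-only session cookie across the OAuth round trip. The URLs, the `sid` cookie name and the session id are constructed sample values, and the simulation assumes the browser did receive the session cookie before leaving for the provider.

```javascript
// Constructed simulation of host-only cookie scoping (RFC 6265, section 5.4).
// Not code from the thread; all names and values below are made up.

class CookieJar {
  constructor() { this.cookies = []; }

  // A cookie set without a Domain attribute is host-only: it is bound to
  // the exact host of the response that set it.
  store(url, name, value) {
    const host = new URL(url).hostname;
    this.cookies = this.cookies.filter(c => !(c.host === host && c.name === name));
    this.cookies.push({ host, name, value });
  }

  // Cookies the browser attaches to a request for `url`.
  // The port is ignored; the host must match exactly.
  cookiesFor(url) {
    const host = new URL(url).hostname;
    const out = {};
    for (const c of this.cookies) if (c.host === host) out[c.name] = c.value;
    return out;
  }
}

// Server side: resolve the session from the request cookies (Map: id -> data).
function loadSession(sessions, requestCookies) {
  const id = requestCookies['sid'];
  return id !== undefined && sessions.has(id) ? sessions.get(id) : null;
}

// Walk the Share -> provider -> callback flow and return the message the
// callback action finds in the session, or null if the session is gone.
function oauthRoundTrip(startUrl, callbackUrl) {
  const jar = new CookieJar();
  const sessions = new Map();
  // 1. Share is submitted: the server stores the message and sets the cookie.
  sessions.set('s-1001', { message: 'Publish on twitter' });
  jar.store(startUrl, 'sid', 's-1001');
  // 2. The provider sends the browser back to callbackUrl.
  const session = loadSession(sessions, jar.cookiesFor(callbackUrl));
  return session ? session.message : null;
}

// Pre-flight check for the registered callback URL.
function sameCookieHost(startUrl, callbackUrl) {
  return new URL(startUrl).hostname === new URL(callbackUrl).hostname;
}
```

Calling `oauthRoundTrip` with a `localhost` start URL and a `127.0.0.1` callback returns `null`, while a callback on `localhost` (on any port) finds the stored message.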