第一次 Twitter OAuth 请求后会话丢失
使用 ASP.NET MVC,会话存储在 SQL 数据库中(从来没有出现过问题,也没有使用网络场)。还使用 Twitterizer2 库。使用火狐浏览器。
- 第一次请求,没有打开浏览器实例。浏览器实例已启动。
- 我们有简单的表单“在 Twitter 上发布”和提交按钮“共享”。
- 单击共享时,我们将消息存储在会话中并重定向到 Twitter 的 OAuth 身份验证(在 POST 提交时)。
- 我们验证成功并返回到我们的操作,在发布到 Twitter 之前,我们检查消息是否存储在会话中(事实并非如此! - 在 Twitter 重定向后它立即丢失)
- 当我们尝试另一条消息共享时,它现在正在工作(会话) 。
- 我们使用 Cookie 解决了这个问题,但是当我们从 Twitter 返回后丢失了会话(第一次)时,我们没有任何线索。
有什么deas吗?
Using ASP.NET MVC, sessions are stored in SQL database (never had a problem with them, and didn't use web farm). Using also Twitterizer2 library. Using Firefox.
- First request, no browser instances is opened. Browser instance is started.
- We have simple form "Publish on twitter" and submit button Share.
- When Share is clicked we store message in Session and redirect to Twitter's OAuth authentication (on POST submit).
- We authenticate OK and return to our Action and before posting to Twitter we check if message is stored in Session (and it isn't! - it is lost immediately after Twitter redirection)
- When we try another messsage Share it is now working (Session).
- We solved it using a Cookie but we don't have a clue while we lost Session (first time) after returning from Twitter.
Any deas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我想问一下,第一次没有cookie的情况下,是如何维持session的?
我认为问题可能出在 cookie 设置过程上。几周前我也遇到过类似的问题。
问题是,当我请求 REQUEST 令牌时,该请求是内部 HTTP 请求(不是通过用户浏览器)。作为对此请求的响应,我获取 REQUEST 令牌,然后将其设置在用户会话中。
但是,如果用户第一次访问我的网站而没有会话,则他没有会话 cookie 可以发送给我。在网站内部,我为他创建了一个会话,并将令牌存储在其中,但随后我没有向他发送包含 cookie 标头的响应,以便他“接受”我的会话,而是重定向到提供商授权端点。这样,用户就不会获得会话 cookie,并且当他返回时,他就像我网站的新用户一样。
这是发生在我身上的过程流程:
我有兴趣知道您是否有类似的问题:)
此致
I'd like to ask how did you maintained the session without cookie the first time?
I think the problem can be of the cookie set process. I also experienced similar problem before a couple of weeks.
The problem was that when I make request for REQUEST token, this request is internal HTTP request (not via user browser). As a response to this request I get REQUEST token and then set it in the user session.
However, if the user just came to my site for first time without a session, he does not have a session cookie to sent me. Internally at the web site I have created a session for him, and stored the token inside it, but then instead of sending him response with cookie headers included, so that he "accepts" my session, I make redirect to the provider authorize endpoint. This way, the user does not get the session cookie, and when he is returned back, he is like a new user for my site.
This is the flow of the process that happened to me:
I'd be interested to know if you had similar problem :)
Best regards
检查请求和回调域是否相同
,即您正在从 localhost 发出 oauth 请求并回调到 127.0.0.1
check the request and callback domain are the same
i.e. you are making request for oauth from localhost and callback to 127.0.0.1