This repository has been archived by the owner on Jun 12, 2024. It is now read-only.

AuthSecurityError at /auth/redirect Failed to match request state with session state #6

Open
ghost opened this issue Nov 23, 2021 · 7 comments

Comments

@ghost

ghost commented Nov 23, 2021

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.

@ishunrzb09

Any update on the above issue? I am also facing the same issue.

@ishunrzb09

I am using macOS.

@tom-georg

I also had that problem but only got it when I ran Django on my local machine.
I realised I only get it when `SESSION_COOKIE_SECURE = True` is set in the settings file. Making that line a comment helped me to get rid of the problem.
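
Added example (not part of the comment above and not code from ms_identity_web): a small simulation of one way the state mismatch can arise when the session cookie carries the Secure attribute but the app is served over plain HTTP, together with a scheme-dependent value for `SESSION_COOKIE_SECURE` that keeps the flag on for HTTPS deployments. Assumptions: the `Browser` class, `secure_cookie_for` and `sign_in_round_trip` are hypothetical names, and the model browser withholds Secure cookies from every `http://` URL, which real browsers may relax for localhost.

```python
import hmac
import secrets
from urllib.parse import urlsplit


def secure_cookie_for(base_url: str) -> bool:
    """Value to use for SESSION_COOKIE_SECURE: True unless the site is plain http."""
    return urlsplit(base_url).scheme == "https"


class Browser:
    """Constructed stand-in for a cookie store that honours the Secure attribute."""

    def __init__(self):
        self.cookies = {}  # name -> (value, secure flag)

    def store(self, name, value, secure):
        self.cookies[name] = (value, secure)

    def cookies_for(self, url):
        https = urlsplit(url).scheme == "https"
        # Secure cookies are only attached to requests sent over https.
        return {n: v for n, (v, s) in self.cookies.items() if https or not s}


def sign_in_round_trip(base_url: str, cookie_secure: bool) -> bool:
    """Return True if the state check passes on the redirect back to the app."""
    sessions = {}  # server-side session store: session id -> data
    browser = Browser()

    # Step 1: the app creates a random state, keeps it in the session and
    # hands the browser a session cookie before redirecting to sign-in.
    sid = secrets.token_urlsafe(16)
    state = secrets.token_urlsafe(16)
    sessions[sid] = {"state": state}
    browser.store("sessionid", sid, cookie_secure)

    # Step 2: the identity provider redirects back with the same state value.
    redirect_url = f"{base_url}/auth/redirect?code=xxx&state={state}"
    sent = browser.cookies_for(redirect_url)

    # Step 3: without the cookie the app sees an empty session, so there is
    # no stored state to compare and the check fails.
    session = sessions.get(sent.get("sessionid"), {})
    expected = session.get("state", "")
    return bool(expected) and hmac.compare_digest(expected, state)
```

In a Django settings file the same idea is a single assignment derived from how the site is served, rather than a commented-out line.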

@anjanesh

anjanesh commented Oct 3, 2023

I had my work laptop switched off for 3 days and today when I brought it back on and ran PyCharm and went to localhost:8000 in the browser and signed in using Microsoft AD, I got:

http://localhost:8000/auth/redirect?code=0.xxx#

AuthSecurityError at /auth/redirect
Failed to match request state with session state
Request Method: GET
Request URL:    http://localhost:8000/auth/redirect?code=0.xxxm&state=xxxx-xxxx-xxxx-xxxx-xxxx&session_state=xxxx-xxxx-xxxx-xxxx-xxxx
Django Version: 4.2.5
Exception Type: AuthSecurityError
Exception Value:    
Failed to match request state with session state
Exception Location: D:\workspace\django\projectX\env\lib\site-packages\ms_identity_web\__init__.py, line 259, in _verify_state
Raised during:  ms_identity_web.django.msal_views_and_urls.aad_redirect
Python Executable:  D:\workspace\django\projectX\env\Scripts\python.exe
Python Version: 3.10.10

I don't know how all of a sudden this is happening because no code was changed in those 3 days.

I even cleared cache and cookie data for the last 7 days and still in vain. Same thing happening in another browser.

@morfaer

morfaer commented Mar 11, 2024

+1 Also have this issue. @bgavrilMS any ideas about a possible solution?

@bgavrilMS
Collaborator

Hi @morfaer and others. @rayluo found some issues with this sample and rewrote it - see https://github.com/Azure-Samples/ms-identity-python-webapp-django

We will deprecate this one or replace with the new one.

@eldamir

eldamir commented May 23, 2024

For what it is worth, I was able to sign in with my home tenant and a test tenant. First client who tried to sign in got the above error. I had them go to the /logout route to completely sign out and then log back in with SSO, and then it worked... Will come back and update here if I see the issue again.
