I'm getting a session mismatch error when logging in!
-
This topic was created as an entry in the Developer FAQ. Respond below if you have additional information to add re: SSO or other session-sharing implementations.
The common causes for a session mismatch error are usually one of the following:
1. Mis-configured URL parameter in your
config.jsonfileIf you have a misconfigured
urlvalue in yourconfig.jsonfile, the cookie may be saved incorrectly (or not at all), causing a session mismatch error. Please ensure that the link you are accessing your site with and the url defined match.2. Improper/malformed
cookieDomainset in ACPSometimes admins set this value realising that they probably don't need to set it at all. The default is perfectly fine. If this is set, you'll want to revert the setting by editing your database directly:
Redis:
hdel config cookieDomain
MongoDB:db.objects.update({ _key: "config" }, { $set: { "cookieDomain": "" } });3. Missing
X-Forwarded-Protoheader from nginx/apacheIf you are using a reverse proxy, you will need to have nginx pass a header through to NodeBB so it correctly determines the correct cookie
secureproperty.In nginx, you will need to add the directive like so:
location / { ... proxy_set_header X-Forwarded-Proto $scheme; ... }
