session mismatch error after deleting user
-
Hi guys,
I need to get out of a trouble I really can't figure out how to.
This morning in order to get my forum cleaned up for an internal testing phase, I have deleted all the users (and their posts) from via the administration panel. Everything went well and the forum got cleaned up except for the admin account.
I'm now trying to re-register myself with my previous credentials I used as standard user but after the initial success of the registration I've nodebb constantly showing up this "Session Mismatch" pop-up.
I've trie with cleaning the browser cache, I've tried with a different browser, I've tried to clean-up also thesessionscollections in the Mongo DB but I still get the pop-up.Do you have an idea how I can get it fixed? Or the sole option I have is to restore the database before the users clean-up phase?
Thanks, Riccardo
-
@baris thanks a lot! You brought me into the right direction.
I've queried the DB for
db.getCollection('objects').find({"_key":{$regex:'maxonIDId:uid'}})and deleted the found object. This just made the trick and disconnected the retuned OAuthID from the actual nodebb uid.Thanks a lot for looking at the thread and also checking the my code!
Really appreciated you're awesome guys!
-
@baris said in session mismatch error after deleting user:
app.logout()
Thanks @baris running
app.logout()just stops the pop-up to show up cause an actual logout takes place, but as soon as I attempt to login the pop-up starts again and again -
config.json looks like
{ "url": "https://aaa.bbb.ccc.ddd", "secret": "xxxxxxxxxxxxxxxxxxxxxxx", "database": "mongo", "mongo": { "uri": "mongodb://nodebb:nodebb-pass@localhost/nodebb", "uri_long": "mongodb://nodebb:nodebb-pass@localhost/nodebb" }, "port": "4567", "socket.io": { "origins": "https://aaa.bbb.ccc.ddd:*" },and looking in the DB I see in the sessions collections
/* 1 */ { "_id" : "bzuVRBphBzKSUZ3Yt9VxEQUPuJoU5nKh", "expires" : ISODate("2021-03-05T15:41:25.409Z"), "session" : "{\"cookie\":{\"originalMaxAge\":1209600000,\"expires\":\"2021-03-05T15:41:17.902Z\",\"secure\":true,\"httpOnly\":true,\"path\":\"/\",\"sameSite\":\"Lax\"},\"returnTo\":\"/\",\"flash\":{},\"passport\":{\"user\":8}}" } /* 2 */ { "_id" : "mqBJSla7h9jDaRjbdpEsCpbIaXpZxKIX", "expires" : ISODate("2021-03-05T17:02:35.259Z"), "session" : "{\"cookie\":{\"originalMaxAge\":1209600000,\"expires\":\"2021-03-05T17:02:34.250Z\",\"secure\":true,\"httpOnly\":true,\"path\":\"/\",\"sameSite\":\"Lax\"},\"returnTo\":\"/\",\"flash\":{},\"registration\":{\"returnTo\":\"/\",\"uid\":8},\"passport\":{\"user\":8}}" }I've tried already to delete anything in the sessions collection but with no better luck
To give better context consider that my user is attempting to authenticate using this OAuth2 plugin I've developed and nodebb get stuck as soon as I'm authenticated against my identity provider and I'm going to set my privacy settings
Thanks for any help
-
@baris said in session mismatch error after deleting user:
Also can you try with this change https://github.com/NodeBB/NodeBB/commit/beb14273876406b69bb202ab2805926862e27879
@baris change done but no good result
-
Can you try a different browser or a private browser?
-
Looking at one of the sessions object I've spotted
"registration\":{\"returnTo\":\"/\",\"uid\":8},\"passport\":{\"user\":8}}"which seems like it's referring to the same uid that my user had before getting deleted. Looks like that re-registering myself with the same account tries to use the same uid.
Does it make any sense to you gurus?
Cheers, R
-
This post is deleted!
-
@baris thanks a lot! You brought me into the right direction.
I've queried the DB for
db.getCollection('objects').find({"_key":{$regex:'maxonIDId:uid'}})and deleted the found object. This just made the trick and disconnected the retuned OAuthID from the actual nodebb uid.Thanks a lot for looking at the thread and also checking the my code!
Really appreciated you're awesome guys!
