Session Mismatch
-
I am facing the same issue, I actually delete a record from the objects table. Now it is showing session mismatch. How do I reset?
-
@maulikmmodi You probably want to clear your cookies so you can log in again.
-
@julian
i don't understand where the problem is...
i have this problem over a year now and everyone can use nodebb over ldap...
but not my user over ldap, im sure, im uid:7......see what happens when i delete all sessions. so under objects i see:
{
"_id" : ObjectId("5af1938c0927a23eb5d87773"),
"_key" : "uid:7:sessions",
"value" : "Iy2SjVzdi3zUjDjF0At_Gs6BwY96MiZ1",
"score" : 1525781388101.0
}
{
"_id" : ObjectId("5af1923d0927a23eb5d87771"),
"_key" : "uid:7:sessions",
"value" : "v3QiHjqADJ5tyvsy9TpEpdUvh-KlXmUB",
"score" : 1525781053765.0
}under sessions:
{
"_id" : "v3QiHjqADJ5tyvsy9TpEpdUvh-KlXmUB",
"session" : "{"cookie":{"originalMaxAge":1209600000,"expires":"2018-05-22T12:09:17.452Z","secure":true,"httpOnly":true,"domain":"xxx","path":"/"},"csrfSecret":"h5FTrzQrRex4kXU_y3F_0LjB","flash":{},"passport":{"user":7},"meta":{"ip":"x.x.x.x","uuid":"09008e73-2f23-4c47-a4e3-58351a793abb","datetime":1525781053765,"platform":"Microsoft Windows","browser":"Firefox","version":"59.0"}}",
"expires" : ISODate("2018-05-22T12:09:17.452+0000")
}
{
"_id" : "Iy2SjVzdi3zUjDjF0At_Gs6BwY96MiZ1",
"session" : "{"cookie":{"originalMaxAge":false,"expires":false,"secure":true,"httpOnly":true,"domain":"xxx","path":"/"},"csrfSecret":"tMUwaiPII6wvmfPMajOaNQTE","flash":{},"passport":{"user":7},"meta":{"ip":"x.x.x.x","uuid":"f8fec706-0e86-4383-9ff9-cb2ba2d06a76","datetime":1525781388101,"platform":"Microsoft Windows","browser":"Firefox","version":"59.0"}}",
"expires" : ISODate("2018-05-22T12:09:50.204+0000")
}PLEASE HELP i don't understand the logic how nodebb stores that data in database and why this is happening
-
Hi! Thanks for following up. Since you posted before and today, I think I might know what is going on.
Can you let me know the uid? It looks like when the LDAP plugin registers a new user it doesn't handle user deletion at all, so that is why it is trying to log you into an account that no longer exists (hence session mismatch).
Do you know your ldap ID? If so, please delete the incorrect reference from the
ldapid:uid
hash.hdel ldapid:uid {yourLDAPid}
or in mongo:db.objects.update({ _key: "ldapid:uid" }, { $unset: "{yourLDAPid}": "" });
-
@julian said in Session Mismatch:
Hi! Thanks for following up. Since you posted before and today, I think I might know what is going on.
Can you let me know the uid? It looks like when the LDAP plugin registers a new user it doesn't handle user deletion at all, so that is why it is trying to log you into an account that no longer exists (hence session mismatch).
Do you know your ldap ID? If so, please delete the incorrect reference from the
ldapid:uid
hash.hdel ldapid:uid {yourLDAPid}
or in mongo:db.objects.update({ _key: "ldapid:uid" }, { $unset: "{yourLDAPid}": "" });
@julian, i think i found it with your help. but im not sure, how can i know what ldap id i have? I think my UID is 7... So, it is possible that i have 1483239134, but how can i doublecheck this!? look screenshot
-
The "key" is the LDAP id on your end (the "remote" side), the "value" is the NodeBB uid. You'll need one of those to figure out the leftover entry and then you can delete it.
I'm not sure if it'll work, but when you're in the midst of the login loop, maybe you can type
app.user
in the web inspector console to see what it is set to... -
@julian said in Session Mismatch:
The "key" is the LDAP id on your end (the "remote" side), the "value" is the NodeBB uid. You'll need one of those to figure out the leftover entry and then you can delete it.
I'm not sure if it'll work, but when you're in the midst of the login loop, maybe you can type
app.user
in the web inspector console to see what it is set to...It works now, thank you very much!
I did a backup of mongo db and whole vm ... To figure out what UID i have, i deleted all sessions under mongodb and logged in with the ldap user that don't work ... under session it shows UID7 for that session. Searching under object for ldap and deleted entry with value UID7.
It would be awesome if local users would work too, but i think this depends on the ldap plugin...
Other way would be that nodebb can handle ldap integration out of the box...That would be damn awesome! -
@isag said in Session Mismatch:
Other way would be that nodebb can handle ldap integration out of the box...That would be damn awesome!
Heheh... unfortunately for you that won't happen because not everybody wants or needs LDAP integration, so we encourage the use of plugins so that a NodeBB can be customised to the exact needs of the admin.
-
@julian said in Session Mismatch:
@isag said in Session Mismatch:
Other way would be that nodebb can handle ldap integration out of the box...That would be damn awesome!
Heheh... unfortunately for you that won't happen because not everybody wants or needs LDAP integration, so we encourage the use of plugins so that a NodeBB can be customised to the exact needs of the admin.
Thats great but ldap plugin seems to be outdated, no one answers for issue on github, so development somehow has been stopped and local users can't be used at the moment.