I'm getting a session mismatch error when logging in!


  • GNU/Linux Admin

    This topic was created as an entry in the Developer FAQ. Respond below if you have additional information to add re: SSO or other session-sharing implementations.


    The common causes for a session mismatch error are usually one of the following:

    1. Mis-configured URL parameter in your config.json file

    If you have a misconfigured url value in your config.json file, the cookie may be saved incorrectly (or not at all), causing a session mismatch error. Please ensure that the link you are accessing your site with and the url defined match.

    2. Improper/malformed cookieDomain set in ACP

    Sometimes admins set this value realising that they probably don't need to set it at all. The default is perfectly fine. If this is set, you'll want to revert the setting by editing your database directly:

    Redis: hdel config cookieDomain
    MongoDB: db.objects.update({ _key: "config" }, { $set: { "cookieDomain": "" } });

    3. Missing X-Forwarded-Proto header from nginx/apache

    If you are using a reverse proxy, you will need to have nginx pass a header through to NodeBB so it correctly determines the correct cookie secure property.

    In nginx, you will need to add the directive like so:

    location / {
        ...
        proxy_set_header X-Forwarded-Proto $scheme;
        ...
    }
    

Log in to reply
 

Suggested Topics

  • 1
  • 3
  • 7
  • 44
  • 3
| |