[nodebb-plugin-session-sharing] Session Sharing
-
Hi,
This is a wonderful plugin and it has worked fine for our users. Unfortunately for some users, we set unsigned tokens (cookies). They were complaining about not being able to log in. As soon as we recognized the problem, we changed their cookies to signed ones. Now they are not getting the error message about the need to sign the JWT token but nodebb is not logging them in. They have the cookie set with the correct - signed JWT token - but they are not logged in.
Any clues on how to solve this?
-
hi, @julian
I encountered a problem while using this plugin. When registered users jump to the forum, they will register a new user. Even if "id" is the id of an old user, a new user will be registered. -
@cifangyiquan if the user has an existing account before attempting session share login then they will get a new account, since the "remote id" passed in is unknown.
I believe if you pass in an email, it should attempt email user matching.
-
Hi @julian!
I'm experiencing a problem with session sharing on the forum. Even after I log out from my website, the forum doesn't log me out. I've set the cookie changes in the admin panel to "Revalidate," but it's not working as expected. Upon closer inspection in the browser's application settings, I noticed that the issue is related to "express.sid" cookie which i have no idea what it is. To successfully log out from the forum, I have to manually clear the "express.sid" cookie.
-
@Julien-Heng
express.sid
is the name of the session cookie that NodeBB sets. It's different from the session sharing cookie. Forrevalidate
to work, you need to delete the cookie that is set by session-sharing from the other end.So when you log out from your website, that cookie needs to be deleted, and then when the user visits NodeBB, the
revalidate
logic kicks in, can't find the cookie, and logs out the user from NodeBB. -
@julian it works properly now! thank you so much. really appreciate it!
-
When a new user registers on the website and subsequently accesses the forum, their account is successfully created on the forum. However, despite specifying in the plugin settings to include the user's email during session sharing (by passing in id, username, and email), the email information is not being transferred or shown in the forum. Do you have any idea why? Thank you in advance!