RE: https SSL issue invalid csrf token

@julian we are using apache2 to host nodebb

@julian how can we check whether it is passing to https equivalents or not. Any where i need to configure that?

@adam-poniatowski this is not working, if i remove 4567 then it will access my parent web application, from where i'm accessing forum applicaiton

@teh_g As explained above we tried that one too, by adding https in config.json.
In this case unable to login getting Login Unsuccessful We were unable to log you in, likely due to an expired session. Please try again" ie. invalid-csrf-token error.

Same time no of sessions are creating in sessions model

https://app.mysite.com:4567

I'm using AWS EC2 instance with Apache2, my config.json looks like below
{
"url": "https://app.mysite.com:4567",
"secret": "b75e7387-3d2a-487b-8b14-2c2c0c01c6fe",
"database": "mongo",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "careerwaze",
"password": "careerwaze",
"database": "forums"
}
}
When i'm running with this configuration using "https://", getting "Login Unsuccessful We were unable to log you in, likely due to an expired session. Please try again" ie. invalid-csrf-token error. Here no of sessions are creating for one login.

26/7 09:31 [26144] - error: /login
invalid csrf token

When accessing with the below config.json i.e with "http://"
{
"url": "http://app.mysite.com:4567",
"secret": "b75e7387-3d2a-487b-8b14-2c2c0c01c6fe",
"database": "mongo",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "careerwaze",
"password": "careerwaze",
"database": "forums"
}
}
Its logging correctly only one session object is creating. When logout the application it logging out successfully.
But when i'm using session sharing plugin to login from other application using "JWT" its logging in correctly, but when trying to logout its not working. Here session is deleting but immediately when i'm clicking refresh it again showing the same user.

I have tried all the possible combination while setting the cookie domain in session sharing plugin.
.mysite.com
*.mysite.com
mysite.com
app.mysite.com

Any help @julian @baris

@baris Hi, i too have the same requirement, i understand that we have to write a plugin to use the hooks filter:user.updateProfile.

Could you please provide any sample to write plugin and use this hook.
Thanks

@julian Some where i have seen this reply replied by you If your game can read the mongodb database the forum uses (or Redis), then you can use the express.sid cookie to retrieve their session from the NodeBB database and log them in that way.

I can able to connect to mongoDB from my application by executing db.sessions.find().pretty();, there are no of cookies are available there. How can get the relevant cookie to delete and logout the user

@julian I tried the same to delete express.sid in my application, but unable to get that expression.sid name under my application cookies, in browse console i'm able to see the cookie under application->cookies.

How can i call logout functionality from external application, so that Nodebb can logout. Any api available like /logout.
Reverse I am able to do, logging out my application when clicked on Nodebb logout.

@baris could you please tell where the exactly custom is located in ACP