Redirect loop
-
Opening a topic on our forum in Brave results in a redirect loop: instead of returning a 200 status, it returns a 302 status with a Location header pointing to the same URL (at which point it repeats the same request and gets the same response).
- The issue only happens in Brave; the site works correctly in Chrome and Safari.
- The issue does not happen when running the site locally.
- I cannot replicate the issue on community.nodebb.org.
- There are no errors in the logs.
- If left running for long enough, occasionally it will break out of the loop and show the correct page.
- We recently installed a fork of github.com/julianlam/nodebb-plugin-session-sharing (modified to get user data from Keycloak’s
userinfoendpoint rather than directly from the access token); the issue seems to be related to this plugin, since it went away when I deactivated the plugin and started happening again after I reactivated it.
-
Opening a topic on our forum in Brave results in a redirect loop: instead of returning a 200 status, it returns a 302 status with a Location header pointing to the same URL (at which point it repeats the same request and gets the same response).
- The issue only happens in Brave; the site works correctly in Chrome and Safari.
- The issue does not happen when running the site locally.
- I cannot replicate the issue on community.nodebb.org.
- There are no errors in the logs.
- If left running for long enough, occasionally it will break out of the loop and show the correct page.
- We recently installed a fork of github.com/julianlam/nodebb-plugin-session-sharing (modified to get user data from Keycloak’s
userinfoendpoint rather than directly from the access token); the issue seems to be related to this plugin, since it went away when I deactivated the plugin and started happening again after I reactivated it.
chartung just one topic? All other topics work fine?
Brave comes with ad blocking yes? Let me know the url. I bet it’s related to that.
-
julian No, it’s not just one topic. After further testing, it appears that it can happen randomly on any page of the site, and once it happens once it usually keeps happening on every page on the site at least for several minutes or until I delete the
express.sidcookie. Since it appears to be random, I can’t say for certain that it’s only affecting Brave (that’s the only browser I’ve seen the issue on, but it’s also the browser I use most often). -
julian No, it’s not just one topic. After further testing, it appears that it can happen randomly on any page of the site, and once it happens once it usually keeps happening on every page on the site at least for several minutes or until I delete the
express.sidcookie. Since it appears to be random, I can’t say for certain that it’s only affecting Brave (that’s the only browser I’ve seen the issue on, but it’s also the browser I use most often).chartung are there any logs emitted when this starts happening? On the backend that is
-
julian No, there is nothing in the logs.
-
julian I think I found the problem. When I forked the plugin, I removed the lines related to
req.session.loginLock, thinking they were unnecessary; on further inspection, it appears that I was mistaken and theloginLockis actually essential to preventing redirect loops when revalidating. -
julian I think I found the problem. When I forked the plugin, I removed the lines related to
req.session.loginLock, thinking they were unnecessary; on further inspection, it appears that I was mistaken and theloginLockis actually essential to preventing redirect loops when revalidating.chartung ah… Yes
usually they’re in there for a reason heheGlad you figured it out!
