Streamlit-Authenticator icon indicating copy to clipboard operation
Streamlit-Authenticator copied to clipboard

Getting random_cookie_name error

Open hunaidkhan2000 opened this issue 1 year ago • 20 comments

Hi @mkhorasani thanks for this amazing package, I kindly request your assistance with an issue that's surfaced with a Streamlit app we've recently deployed on Azure cloud. From yesterday, we've been encountering a peculiar 'Random_cookie_name' error that's preventing some users from logging out. It's interesting to note that it's not a universal issue - some of our users from different geographical locations are able to logout without trouble. To assist you in troubleshooting, I'm attaching a screenshot along with a sample yml file and script. Your expertise and guidance on this matter would be greatly appreciated. image yml file

credentials:
  usernames:
    hk:
      email: [email protected]
      name: hkhan
      password: "my hashed password" # 
##some other user names 
#file ends with 
cookie:
  expiry_days: 0
  key: "random_signature_key" # Must be a string
  name: "random_cookie_name" #we did not change it , kept it as random_cookie_name 
preauthorized:
  emails:
  - [email protected]
```


our main file authentication code is 
```
with open('chatbot_users.yml') as file:  ##../
    config = yaml.load(file, Loader=SafeLoader)

authenticator = stauth.Authenticate(
    config['credentials'],
    config['cookie']['name'],
    config['cookie']['key'],
    config['cookie']['expiry_days'],
    config['preauthorized']
)
```

hunaidkhan2000 avatar Feb 21 '24 06:02 hunaidkhan2000

Hi @hunaidkhan2000, thank you for reaching out. Can you check to see if the associated reauthentication cookie is available on the browser when this exception is thrown? You can do this by hitting F12 and typing document.cookie in the console of your browser.

mkhorasani avatar Feb 21 '24 06:02 mkhorasani

Hi @mkhorasani , I am not able to find document.cookie in my browser console. one more thing i am using streamlit-authenticator version 0.2.3

hunaidkhan2000 avatar Feb 21 '24 09:02 hunaidkhan2000

Is this how you're trying to access your cookies? image

mkhorasani avatar Feb 21 '24 12:02 mkhorasani

@mkhorasani we tried this method and one more also , Attaching the screenshot . Any idea?

image

hunaidkhan2000 avatar Feb 21 '24 14:02 hunaidkhan2000

Okay, by the looks of it, the reauthentication cookie has already been deleted. What I can do is that in a future release, when the library attempts to delete a cookie that has already been deleted, instead of throwing a fatal error I can throw a non-fatal error that allows the user to continue using the application while the error is logged on the console for the developer's notice. I think this would be a reasonable fix for the time being.

mkhorasani avatar Feb 21 '24 15:02 mkhorasani

What steps should I take in the meantime? It appears that the issue is intermittent as some users can log out without problems, while others encounter a cookie error that prevents them from logging out every time. There is a possibility that users who are able to log out might have to deal with this issue @mkhorasani

hunaidkhan2000 avatar Feb 22 '24 04:02 hunaidkhan2000

You can try to place the logout() function within a try and except block. The new release should be made very soon.

mkhorasani avatar Feb 22 '24 06:02 mkhorasani

I have this issue consistently when hosting on Streamlit cloud, but it works fine when hosting locally. I'm not seeing the cookie getting written when hosting on Streamlit cloud for me. Same issue across browsers as well. Tried Chrome and Firefox.

angelocamacho avatar Feb 22 '24 06:02 angelocamacho

I am facing a similar issue. Is there a temporary fix for this ?

pspiagicw avatar Feb 22 '24 09:02 pspiagicw

I have this issue consistently when hosting on Streamlit cloud, but it works fine when hosting locally. I'm not seeing the cookie getting written when hosting on Streamlit cloud for me. Same issue across browsers as well. Tried Chrome and Firefox.

Which version of Streamlit-Authenticator and Extra-Streamlit-Components are you using?

mkhorasani avatar Feb 22 '24 10:02 mkhorasani

Collecting streamlit-authenticator

Downloading streamlit_authenticator-0.3.1-py3-none-any.whl (17 kB)

angelocamacho avatar Feb 22 '24 11:02 angelocamacho

I'm going to release v0.3.2 in the coming days, with the new version of Extra-Streamlit-Components v0.1.70 (the library that manages the cookies), hopefully these problems should be resolved.

mkhorasani avatar Feb 22 '24 11:02 mkhorasani

@mkhorasani do let us know when you release the next version, that will help us

hunaidkhan2000 avatar Feb 23 '24 12:02 hunaidkhan2000

Having the same issue. Solution I'm using:

class FixedAuthenticate(stauth.Authenticate): 
  def _implement_logout(self):
        # Clears cookie and session state variables associated with the logged in user.
        try:
            self.cookie_manager.delete(self.cookie_name)
        except Exception as e: 
            print(e)
        self.credentials['usernames'][st.session_state['username']]['logged_in'] = False
        st.session_state['logout'] = True
        st.session_state['name'] = None
        st.session_state['username'] = None
        st.session_state['authentication_status'] = None

authenticator = FixedAuthenticate(...) 

It's a temporary fix that doesn't address the underlying issue of the cookie getting lost in the first place, but it does let the logout complete even if the issue occurs.

Explanation: inherit the Authenticate class, change the loggout implementation to catch exception from deleting the cookie.

elmighetto avatar Feb 27 '24 00:02 elmighetto

Having the same issue. Solution I'm using:

class FixedAuthenticate(stauth.Authenticate): 
  def _implement_logout(self):
        # Clears cookie and session state variables associated with the logged in user.
        try:
            self.cookie_manager.delete(self.cookie_name)
        except Exception as e: 
            print(e)
        self.credentials['usernames'][st.session_state['username']]['logged_in'] = False
        st.session_state['logout'] = True
        st.session_state['name'] = None
        st.session_state['username'] = None
        st.session_state['authentication_status'] = None

authenticator = FixedAuthenticate(...) 

It's a temporary fix that doesn't address the underlying issue of the cookie getting lost in the first place, but it does let the logout complete even if the issue occurs.

Explanation: inherit the Authenticate class, change the loggout implementation to catch exception from deleting the cookie.

Thank you so much, this worked and resolved my issue

hunaidkhan2000 avatar Feb 29 '24 07:02 hunaidkhan2000

Having the same issue. Solution I'm using:

class FixedAuthenticate(stauth.Authenticate): 
  def _implement_logout(self):
        # Clears cookie and session state variables associated with the logged in user.
        try:
            self.cookie_manager.delete(self.cookie_name)
        except Exception as e: 
            print(e)
        self.credentials['usernames'][st.session_state['username']]['logged_in'] = False
        st.session_state['logout'] = True
        st.session_state['name'] = None
        st.session_state['username'] = None
        st.session_state['authentication_status'] = None

authenticator = FixedAuthenticate(...) 

It's a temporary fix that doesn't address the underlying issue of the cookie getting lost in the first place, but it does let the logout complete even if the issue occurs.

Explanation: inherit the Authenticate class, change the loggout implementation to catch exception from deleting the cookie.

This works well for avoiding the fatal error, but it looks like authentication status isn't maintained because the cookie isn't found. So I have to log in every time I open the app. Is that a logical consequence of this cookie bug or am I making a different mistake?

yhavin avatar Mar 06 '24 21:03 yhavin

This works well for avoiding the fatal error, but it looks like authentication status isn't maintained because the cookie isn't found. So I have to log in every time I open the app. Is that a logical consequence of this cookie bug or am I making a different mistake?

Yeah if the cookie is failing to get stored, then it wouldn't be able to keep you logged in. I wonder if this issue has to do with what browser you're using? I haven't tested with anything other than google chrome personally.

elmighetto avatar Mar 06 '24 22:03 elmighetto

This works well for avoiding the fatal error, but it looks like authentication status isn't maintained because the cookie isn't found. So I have to log in every time I open the app. Is that a logical consequence of this cookie bug or am I making a different mistake?

Yeah if the cookie is failing to get stored, then it wouldn't be able to keep you logged in. I wonder if this issue has to do with what browser you're using? I haven't tested with anything other than google chrome personally.

When I set expiry days to a number, then the cookie stored. I had it at 0 before, because I wanted indefinite maintain of login, but it didn't store.

yhavin avatar Mar 06 '24 23:03 yhavin

😭Hi @mkhorasani , may I ask when will the new version will be released?

xixiaoguai727 avatar Mar 11 '24 13:03 xixiaoguai727

😭Hi @mkhorasani , may I ask when will the new version will be released?

Apologies for the delay, still working on it.

mkhorasani avatar Mar 11 '24 15:03 mkhorasani

😭Hi @mkhorasani , may I ask when will the new version will be released?

Apologies for the delay, still working on it.

No need to apologies, you did a great work for us❤️! Just take your time!

xixiaoguai727 avatar Mar 13 '24 05:03 xixiaoguai727

Thanks for the post, I am facing a similar bug when using the logout, cookie key error. I can reproduce the error if I log in, then log out, and then log in, and try to log out again. I will go with the try fix for now, thanks.

jalkestrup avatar Mar 15 '24 11:03 jalkestrup

Having the same issue. Solution I'm using:

class FixedAuthenticate(stauth.Authenticate): 

Thank you so much!

afederici75 avatar Mar 21 '24 16:03 afederici75

Having the same issue. Solution I'm using:

class FixedAuthenticate(stauth.Authenticate): 
  def _implement_logout(self):
        # Clears cookie and session state variables associated with the logged in user.
        try:
            self.cookie_manager.delete(self.cookie_name)
        except Exception as e: 
            print(e)
        self.credentials['usernames'][st.session_state['username']]['logged_in'] = False
        st.session_state['logout'] = True
        st.session_state['name'] = None
        st.session_state['username'] = None
        st.session_state['authentication_status'] = None

authenticator = FixedAuthenticate(...) 

It's a temporary fix that doesn't address the underlying issue of the cookie getting lost in the first place, but it does let the logout complete even if the issue occurs.

Explanation: inherit the Authenticate class, change the loggout implementation to catch exception from deleting the cookie.

Beautiful!, this solved the bug. Thanks

titoausten avatar Mar 22 '24 14:03 titoausten

Dear all, this issue has now been fixed in the latest release v0.3.2. Thank you for your patience

mkhorasani avatar Mar 26 '24 19:03 mkhorasani