No resumable session found reason:The browser does not contain the necessary cookie to resume the session. This is a security violation and was blocked. Please clear your browser's cookies and cache and try again!
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
Today, I switched my website domain and a lot of users can't log in by using a Google/Facebook account (oidc). Clearing cookies might work, but not everyone knows how to do it. Someone even said they cleared cookies but still can't log in to my website.
I get these logs:
selfservice_errors table:
{
"code": 400,
"debug": "key ory_kratos_oidc_auth_code_session does not exist in cookie: ory_kratos_continuity\ngithub.com/ory/kratos/x.SessionGetString.func1\n\t/project/x/cookie.go:30\ngithub.com/ory/kratos/x.SessionGetString.func2\n\t/project/x/cookie.go:40\ngithub.com/gorilla/sessions.(*CookieStore).NewExact\n\t/go/pkg/mod/github.com/ory/[email protected]/store.go:158\ngithub.com/gorilla/sessions.(*Registry).GetExact\n\t/go/pkg/mod/github.com/ory/[email protected]/sessions.go:162\ngithub.com/gorilla/sessions.(*CookieStore).GetExact\n\t/go/pkg/mod/github.com/ory/[email protected]/store.go:112\ngithub.com/ory/kratos/x.SessionGetString\n\t/project/x/cookie.go:39\ngithub.com/ory/kratos/continuity.(*ManagerCookie).sid\n\t/project/continuity/manager_cookie.go:100\ngithub.com/ory/kratos/continuity.(*ManagerCookie).container\n\t/project/continuity/manager_cookie.go:112\ngithub.com/ory/kratos/continuity.(*ManagerCookie).Continue\n\t/project/continuity/manager_cookie.go:67\ngithub.com/ory/kratos/selfservice/strategy/oidc.(*Strategy).validateCallback\n\t/project/selfservice/strategy/oidc/strategy.go:305\ngithub.com/ory/kratos/selfservice/strategy/oidc.(*Strategy).handleCallback\n\t/project/selfservice/strategy/oidc/strategy.go:377\ngithub.com/ory/kratos/selfservice/strategy.disabledWriter\n\t/project/selfservice/strategy/handler.go:28\ngithub.com/ory/kratos/selfservice/strategy.IsDisabled.func1\n\t/project/selfservice/strategy/handler.go:33\ngithub.com/ory/kratos/x.NoCacheHandle.func1\n\t/project/x/nocache.go:21\ngithub.com/ory/kratos/x.NoCacheHandle.func1\n\t/project/x/nocache.go:21\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/[email protected]/router.go:387\ngithub.com/ory/nosurf.(*CSRFHandler).handleSuccess\n\t/go/pkg/mod/github.com/ory/[email protected]/handler.go:234\ngithub.com/ory/nosurf.(*CSRFHandler).ServeHTTP\n\t/go/pkg/mod/github.com/ory/[email 
protected]/handler.go:191\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/kratos/x.glob..func1\n\t/project/x/clean_url.go:15\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2122\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerResponseSize.func1\n\t/go/pkg/mod/github.com/prometheus/[email protected]/prometheus/promhttp/instrument_server.go:284\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2122\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerCounter.func1\n\t/go/pkg/mod/github.com/prometheus/[email protected]/prometheus/promhttp/instrument_server.go:142\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2122\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func1\n\t/go/pkg/mod/github.com/prometheus/[email protected]/prometheus/promhttp/instrument_server.go:92\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2122\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func2\n\t/go/pkg/mod/github.com/prometheus/[email protected]/prometheus/promhttp/instrument_server.go:104",
"reason": "The browser does not contain the necessary cookie to resume the session. This is a security violation and was blocked. Please clear your browser's cookies and cache and try again!",
"status": "Bad Request",
"message": "no resumable session found"
}
docker logs:
Reproducing the bug
I can't reproduce this problem. But Ory is full of these logs.
Relevant log output
No response
Relevant configuration
No response
Version
v1.0.0
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
Did you also update "cookies.domain" setting?
Yes, I did it, but the error happened randomly. And just with oidc login.