Dealing with error: No CSRF value available in the session cookie

hoangnh · April 20, 2020, 6:51pm

I’m building a project and using Hydra as an Oauth2 Authorization Server. When I developed in local machine, I used:

Hydra public: localhost:9000
Hydra admin: localhost:9001
Express and React: localhost:3000
I make it run successfully. Initialize flow with api:
https://localhost:9000/oauth2/auth?response_type=code&client_id=xxx…
–> redirect to login page with login_challenge. I checked in Storage and see oauth2_authentication_csrf was generated
–> input credential and submit login success
–> call accept login request
–> redirect to consent flow
…
But when deploy:
Hydra in aws ec2 instance
Express and React: localhost:3000
Initialize flow with api:
https://ec2-ip:9000/oauth2/auth?response_type=code&client_id=xxx…
–> redirect to login page and now when I checked in Storage I don’t see oauth2_authentication_csrf was generated
–> input credential and submit login success
–> call accept login request and get error:
"No CSRF value available in the session cookie"

Why the oauth2_authentication_csrf wasn’t generated when redirect from ec2 to localhost? Any ideal for this error?
Thanks!

hoangnh · April 21, 2020, 3:28am

@hackerman Could you give some advice? or more information I need to provide.

hackerman · April 27, 2020, 1:16pm

Does this hep?

hoangnh · April 27, 2020, 1:16pm

Yes, after debugging I know exactly my error. Now I’m using the same domain for hydra and login app (each subdomain for each app) so I can use the share cookie.
I think that I have to review this error later for sure that can I use its in separate domain.
Thanks.