Perhaps additional information will help to solve the problem:
Network monitor (302): https://yadi.sk/i/oomrSBNg5ZHOUg
Network monitor (500): https://yadi.sk/i/iiIDc91ObGMi8A
Hi @freimaks … sorry for the trouble here.
The invalid state error can occur for a few reasons but what it’s trying to do is make sure that the response from Auth0 is for the same user/process that requested it. We set a cookie when you login with a value, then verify that value when you return after authenticating.
I don’t think I totally understand the process that’s happening here. Let me see if I can clarify using the same step numbers.
1. When you go here, are you seeing an embedded form on that page or are you redirected to Auth0 to login? The latest version of the plugin released yesterday (3.10.0) changes this a bit so it might be a good idea to update and try again.
2. So this just displays a message on the My Account page? Does this just say to check your email to verify and log in?
3. How do you verify the email?
4. “I return on my first page (which opened after redirection)” – How do you do this? What page are you going to?
It sounds like the same state value is being used a second time. If possible, it might be best to somehow trigger a page refresh so you’re sure that it’s a new value being used.
If you can generate a HAR file for the failing process end to end, that might be helpful.
@auth0josh , Hi!
I have two tabs open: the page of my site with the login form and the mailbox. When I confirm the mail on the link from the letter, another tab opens, which actually duplicates the first one.
I’m trying to enter the username and password on the first tab. If I try to log in to from new tab that opens after confirming the mail, then everything works fine.
I was thinking about forced update of the first tab, but this is not entirely correct in my opinion.
As far as I understand the problem is in cookies.
HAR file: https://yadi.sk/d/9wN869OrxadrrA
That could definitely cause a problem. The cookies are generated when a page with a login form (or redirect to the Universal Login Page) is generated so they could be getting crossed up when the new form loads. The best way to check is to see what cookie you have (load a totally separate page without a login form and check for the auth0_state cookie) and then see what the state value is from the URL. It’s likely that those 2 are different?
Is there any way to keep the login form from loading on one or the other page? The email verification prompt does not need to load a form if one is loaded on the second tab.
@auth0josh
Yes, You are right.
On the page with email verification prompt, I just will not display the form Auth0.
Great to hear. I’ll close this for now but feel free to post back if you need anymore guidance here.
