Infinite loop when logging in to various services #22
Description
Happening on expo.hexlabs.org and live.hexlabs.org as far as i can tell, maybe more (not registration.hexlabs.org though...)
Repro:
- Head to expo.hexlabs.org or live.hexlabs.org
- It will attempt to redirect to login.hexlabs.org (if not then you prob have a valid session token or something, use incognito or a new browser)
- After logging in (any account) it'll redirect back to wherever you came from
- Expo redirects back to login again, and repeats
Cause?
From the looks of the URL it seems login is passing the session token to the destination site through query param, but somehow the destination isnt reading that correctly, so it doesnt get the session cookie, and then it thinks the user is unauthenticated, and redirects back to login. But login now has the cookie set (we can see it in devtools) so it thinks "this guy's already logged in, just take them to the destination url" and then the cycle repeats.
Registration is working properly though, so maybe take a look there and see how it's parsing the cookie correctly.