What could cause the original 'OAuth2' state parameter to be null in org.springframework.social.connect.web.ConnectSupport?

Question

I am trying to use Spring Social on my application and I noticed while debugging that the original \'OAuth2\' state parameter is always null on my app.

See Spring So

Answer 1

Try this work around and see if that works for you:

To my surprise I opened application in a 'incognito' browser and everything worked. Just like that. I think before something got cached and was causing the issue.

I ran into this issue today, My application was working perfectly fine. I just took a break for few hours and when I ran it again it started complaining about 'The OAuth2 'state' parameter is missing or doesn't match.' The state param is first put into the session then the request goes out to facebook and the request comes back with the same state param but when spring is looking for session object to get the state param, it is not finding the session. I think it is not finding the session because when the request comes back it thinks that it is a different client (or host), even though the old HttpSession object still exists. The container maintains a HttpSession per client.