c# asp.net-mvc iis session-state xero-api

Session Becoming Null After Callback from XERO Authorization


I am facing a very weird problem. I have an application which basically connects to XERO Authorization using OAUTH 2.0. The way the application works is that from my application, I have a button (provided by XERO) which basically redirects me to their OAUTH authorization page and then, based on the app settings on XERO, the OAUTH page redirects me back to my application to a controller method and then does the rest of saving the tokens etc.

I tested this on DEV and UAT and everything is working fine. Now when the time came for Publishing it to PROD machine, I did the build update on an AWS EC2 with Load Balancer connected and tested it on my machine by hitting the server and it worked as it should be.

Now the problem is that once I tested it on my CEO's machine, it gave me the dreaded NULL POINTER EXCEPTION.

After some server side logging, I found out that my Sessions for some reason are being destroyed after the redirection.

Here is the list of things which I changed on the app but still no luck:

1- Changed the Sessions to be saved on SQL. (Same issue: works on my machine and not on the other one.)

2- Checked if the AppPool for IIS is being recycled. (Not being Recycled, Same Issue).

3- Enabled "Sticky Sessions" on AWS ALB (Application Load Balancer). (Same issue).

4- Tried to save the data in Cookies and pulling it back up. (Same Issue).

Can someone please help me out on where I am going wrong with this?

EDIT

Ok, I found some interesting information. I was playing around on my EC2 instance and trying to debug the app and found the below when the 3rd party app is redirecting back to the app (see image below):

This seems to be the problem I think

So, this narrows it down I guess. If anyone can help me with this then it would be great. Thanks in Advance.


Solution

  • Ok, I just found a solution on why the issue was coming. What was happening was that when the callback was done, the cookie's domain was set as (XXXX.ae) instead of (www.XXX.ae) or (.XXXX.ae).

    The way I resolved this issue was by updating the below line on my PRODUCTION web.config.

      <system.web>
        <httpCookies domain="(your_Domain_name_here).com" httpOnlyCookies="true"/>
      </system.web>

    Do remember not to include www in your domain. As long as you have the correct redirections applied, this won't cause an issue and your cookies would be loaded correctly on your callback with the domain .(your_Domain_name).com.
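
Added example (not part of the original question or answer): a small model of the browser's RFC 6265 cookie scoping, showing why a session cookie set on one hostname is missing when the OAuth callback lands on another, and how a `domain` attribute changes that. The `example.ae` hostnames and all function names are constructed for illustration, and the assumption is that the user started on the `www` host while the redirect URI pointed at the bare domain (or the reverse).

```javascript
// RFC 6265 section 5.1.3: host matches domain if identical, or if host ends
// with "." + domain. IP-address hosts and public-suffix checks are omitted.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Model how a browser stores a cookie set by `setByHost`.
// No Domain attribute -> host-only cookie; a leading dot in Domain is ignored.
function storeCookie(setByHost, domainAttr) {
  if (!domainAttr) {
    return { domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only set a Domain that covers its own host.
  if (!domainMatch(setByHost, domain)) return null; // browser rejects the cookie
  return { domain, hostOnly: false };
}

// Would the browser attach this stored cookie to a request for `requestHost`?
function isSent(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Session cookie is set while the user is on `startHost`; the identity
// provider then redirects the browser to `callbackHost`.
function sessionSurvivesCallback(startHost, callbackHost, domainAttr) {
  return isSent(storeCookie(startHost, domainAttr), callbackHost);
}

// Constructed scenarios: [host the session started on, callback host, Domain attribute]
const cases = [
  ["www.example.ae", "example.ae", undefined],        // host-only cookie
  ["www.example.ae", "example.ae", "example.ae"],     // parent domain, as in the fix
  ["example.ae", "www.example.ae", ".example.ae"],    // leading dot is equivalent
  ["www.example.ae", "example.ae", "www.example.ae"], // "www" included in Domain
];
for (const [start, callback, attr] of cases) {
  const kept = sessionSurvivesCallback(start, callback, attr);
  console.log(`${start} -> ${callback}  Domain=${attr ?? "(none)"}: ` +
    (kept ? "session cookie sent" : "no cookie, new session"));
}
```

A cookie scoped to the parent domain is sent to every subdomain of it, so this setting shares the session cookie with any other host under that name. Serving the site and the registered redirect URI from one canonical hostname avoids the mismatch without widening the cookie's scope.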