No resumable session found reason:The browser does not contain the necessary cookie to resume the session. This is a security violation and was blocked. Please clear your browser's cookies and cache and try again! #3653
Preflight checklist
Ory Network Project
No response
Describe the bug
Today, I switched my website domain and a lot of users can't log in using a Google/Facebook account (oidc). Clearing cookies might work, but not everyone knows how to do it.
Someone even said they cleared cookies but still can't log in to my website.
I get these logs:
selfservice_errors table:
![image](https://private-user-images.githubusercontent.com/300961/287609023-271b15dd-3bae-40f6-998c-a3af322794c4.png)
docker logs:
myappink-kratos-1 | /go/pkg/mod/github.com/prometheus/client_golang@v1.13.0/prometheus/promhttp/instrument_server.go:104 message:no resumable session found reason:The browser does not contain the necessary cookie to resume the session. This is a security violation and was blocked. Please clear your browser's cookies and cache and try again! status:Bad Request status_code:400] http_request=map[headers:map[accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 accept-encoding:gzip accept-language:it-IT,it;q=0.9,en-us;q=0.8,en;q=0.7 cdn-loop:cloudflare cf-connecting-ip:5.90.161.99 cf-ipcountry:IT cf-ray:82fd35a38e020df1-MXP cf-visitor:{"scheme":"https"} cookie:[_ga=GA1.1.1924500242.1701580320; cf_clearance=P7Wo1vRkA8ur_HRo3KlgpXgZwtRFahIlQdfVh3HHhos-1701621172-0-1-58eedbd0.6a6518d0.fef8430-0.2.1701621172; _ga_8JBJY7ZDMX=GS1.1.1701621172.2.1.1701621183.0.0.0; ory_kratos_continuity=MTcwMTYyMTE4NXxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fKr_oV2obzKFQXWUE0fZxzl4B9XUlU3Es7bl7psTxvTG; csrf_token_018b3276481ebb3ed7c9e3160df21aa52759e54263b68d3a9765a680f724dd55=EHU7yoFlPK59k9mbbLiG6H2NNKmJAtEtiVtgj4CP9PY=; ory_kratos_session=MTcwMTYyMTE4NnxELUZ5Z3J4blNTMi1qeDNNaFcxZkhKdm8wVFJ3QWtvRG5LcFFGODB0aTZLMEE3TXhVYUQ3M0F5enVKaGc1bVotLXhOaFVvTzI5MGVFdDdIclNUYUJXT3dqYnFWanNBUndkVFNsSFFFNmQwUlJXTW5lSlFmY1IwaWhLZWVXTHNNSUFaZGNIS1NUQnh5b085REFDSGdJUTN5SWUxZWF0N2hyanotLUdreG5tUVhSM1JGbF82Yndfc0IzcUVUaVJlYTBNdkFpNjBuZ1VuT0RoRXJKdTNtOW5Cc2R2WFNVZzZEWFR6TWk0NGN0bUNWUEVMMHBtV3lxbUNObmVDZ3lKcDFiN0htdWlMQTdPVzRsc3pLeXpIbWsxdz09fETWY7XB6vd7IBiLQORWE_bVOG1UBD7c5EbB4isfrn0M] referer:https://m.facebook.com/ sec-ch-ua:"Opera";v="103", " Not;A Brand";v="99", "OperaMobile";v="78", "Chromium";v="117" sec-ch-ua-mobile:?1 sec-ch-ua-platform:"Android" sec-fetch-dest:document sec-fetch-mode:navigate sec-fetch-site:cross-site sec-fetch-user:?1 upgrade-insecure-requests:1 user-agent:Mozilla/5.0 (Linux; Android 11; MI 9) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.154 Mobile Safari/537.36 OPR/78.5.4143.75924 x-forwarded-for:5.90.161.99, 5.90.161.99 x-forwarded-proto:https x-real-ip:5.90.161.99] host:auth.myapp.ink method:GET path:/self-service/methods/oidc/callback/facebook query:code=AQAKDAS5NCNIJ_N7ve0O14lyRRFzJDM779P5N75Hu1hPrXIuL2ypEVuKJLuY-JeTTc1D4lmA0-Nk4keCVrTSxLkFCN_HEFzAo_2wF5pecyJNcRyS8VJHkCWiz_y0zvwCFnrUBehk9VKgtAeQlD4OfGUZ2hB2NYmavUXg8TLAEW9cyU3o0wYkSb0lpHkzw2NADRjPPUFxe-7qCIS_A1Ws-R5FJ48DrVrwtq2wdoXL6IsgfspM6AGVV2T-qVIYp_fMmJM-xRmCkGYXTh47-kmr6YAH72X8EIswWkA9fPwNs3DU1fogZxbVe2_ex3Kgs95LIyKBOiS46HxaCbX5auD8vfGrDlYIJOm29Yx_Kf6DyeiX0Oy_8X_HNNxL_Vw4Je5W5is&state=OGU0ZDBmYzMtMzQ0Ny00NTJkLTk5ZjMtNWFmM2Y5MGJmNzRmOv2vS5pZSEwxtlaGc_eb19c remote:127.0.0.1:51914 scheme:http] service_name=Ory Kratos service_version=v1.0.0
myappink-kratos-1 | time=2023-12-03T16:33:24Z level=error msg=An error occurred and is being forwarded to the error user interface. audience=application error=map[debug:key ory_kratos_oidc_auth_code_session does not exist in cookie: ory_kratos_continuity
myappink-kratos-1 | github.com/ory/kratos/x.SessionGetString.func1
myappink-kratos-1 | /project/x/cookie.go:30
myappink-kratos-1 | github.com/ory/kratos/x.SessionGetString.func2
myappink-kratos-1 | /project/x/cookie.go:40
myappink-kratos-1 | github.com/gorilla/sessions.(*CookieStore).NewExact
myappink-kratos-1 | /go/pkg/mod/github.com/ory/sessions@v1.2.2-0.20220110165800-b09c17334dc2/store.go:158
myappink-kratos-1 | github.com/gorilla/sessions.(*Registry).GetExact
myappink-kratos-1 | /go/pkg/mod/github.com/ory/sessions@v1.2.2-0.20220110165800-b09c17334dc2/sessions.go:162
myappink-kratos-1 | github.com/gorilla/sessions.(*CookieStore).GetExact
myappink-kratos-1 | /go/pkg/mod/github.com/ory/sessions@v1.2.2-0.20220110165800-b09c17334dc2/store.go:112
myappink-kratos-1 | github.com/ory/kratos/x.SessionGetString
myappink-kratos-1 | /project/x/cookie.go:39
myappink-kratos-1 | github.com/ory/kratos/continuity.(*ManagerCookie).sid
myappink-kratos-1 | /project/continuity/manager_cookie.go:100
myappink-kratos-1 | github.com/ory/kratos/continuity.(*ManagerCookie).container
myappink-kratos-1 | /project/continuity/manager_cookie.go:112
myappink-kratos-1 | github.com/ory/kratos/continuity.(*ManagerCookie).Continue
myappink-kratos-1 | /project/continuity/manager_cookie.go:67
myappink-kratos-1 | github.com/ory/kratos/selfservice/strategy/oidc.(*Strategy).validateCallback
myappink-kratos-1 | /project/selfservice/strategy/oidc/strategy.go:305
myappink-kratos-1 | github.com/ory/kratos/selfservice/strategy/oidc.(Strategy).handleCallback
myappink-kratos-1 | /project/selfservice/strategy/oidc/strategy.go:377
myappink-kratos-1 | github.com/ory/kratos/selfservice/strategy.disabledWriter
myappink-kratos-1 | /project/selfservice/strategy/handler.go:28
myappink-kratos-1 | github.com/ory/kratos/selfservice/strategy.IsDisabled.func1
myappink-kratos-1 | /project/selfservice/strategy/handler.go:33
myappink-kratos-1 | github.com/ory/kratos/x.NoCacheHandle.func1
myappink-kratos-1 | /project/x/nocache.go:21
myappink-kratos-1 | github.com/ory/kratos/x.NoCacheHandle.func1
myappink-kratos-1 | /project/x/nocache.go:21
myappink-kratos-1 | github.com/julienschmidt/httprouter.(Router).ServeHTTP
myappink-kratos-1 | /go/pkg/mod/github.com/julienschmidt/httprouter@v1.3.0/router.go:387
myappink-kratos-1 | github.com/ory/nosurf.(CSRFHandler).handleSuccess
myappink-kratos-1 | /go/pkg/mod/github.com/ory/nosurf@v1.2.7/handler.go:234
myappink-kratos-1 | github.com/ory/nosurf.(CSRFHandler).ServeHTTP
myappink-kratos-1 | /go/pkg/mod/github.com/ory/nosurf@v1.2.7/handler.go:191
myappink-kratos-1 | github.com/urfave/negroni.Wrap.func1
myappink-kratos-1 | /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46
myappink-kratos-1 | github.com/urfave/negroni.HandlerFunc.ServeHTTP
myappink-kratos-1 | /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29
myappink-kratos-1 | github.com/urfave/negroni.middleware.ServeHTTP
myappink-kratos-1 | /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38
myappink-kratos-1 | github.com/ory/kratos/x.glob..func1
myappink-kratos-1 | /project/x/clean_url.go:15
myappink-kratos-1 | github.com/urfave/negroni.HandlerFunc.ServeHTTP
myappink-kratos-1 | /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29
myappink-kratos-1 | github.com/urfave/negroni.middleware.ServeHTTP
myappink-kratos-1 | /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38
myappink-kratos-1 | net/http.HandlerFunc.ServeHTTP
myappink-kratos-1 | /usr/local/go/src/net/http/server.go:2122
myappink-kratos-1 | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerResponseSize.func1
myappink-kratos-1 | /go/pkg/mod/github.com/prometheus/client_golang@v1.13.0/prometheus/promhttp/instrument_server.go:284
myappink-kratos-1 | net/http.HandlerFunc.ServeHTTP
myappink-kratos-1 | /usr/local/go/src/net/http/server.go:2122
myappink-kratos-1 | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerCounter.func1
myappink-kratos-1 | /go/pkg/mod/github.com/prometheus/client_golang@v1.13.0/prometheus/promhttp/instrument_server.go:142
myappink-kratos-1 | net/http.HandlerFunc.ServeHTTP
myappink-kratos-1 | /usr/local/go/src/net/http/server.go:2122
myappink-kratos-1 | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func1
myappink-kratos-1 | /go/pkg/mod/github.com/prometheus/client_golang@v1.13.0/prometheus/promhttp/instrument_server.go:92
myappink-kratos-1 | net/http.HandlerFunc.ServeHTTP
myappink-kratos-1 | /usr/local/go/src/net/http/server.go:2122
myappink-kratos-1 | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func2
myappink-kratos-1 | /go/pkg/mod/github.com/prometheus/client_golang@v1.13.0/prometheus/promhttp/instrument_server.go:104 message:no resumable session found reason:The browser does not contain the necessary cookie to resume the session. This is a security violation and was blocked. Please clear your browser's cookies and cache and try again! status:Bad Request status_code:400] http_request=map[headers:map[accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 accept-encoding:gzip accept-language:id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7 cdn-loop:cloudflare cf-connecting-ip:2001:448a:1082:9fb4:b4e8:a38e:e954:272c cf-ipcountry:ID cf-ray:82fd361088706015-SIN cf-visitor:{"scheme":"https"} cookie:[cf_clearance=J3dPi7ZV7Ucy5kG.ym0sSP8BSfulVS7L4YKlrAGO2_8-1701620576-0-1-77440175.eadfe08a.20455e95-0.2.1701620576; _ga=GA1.1.1306375033.1701620575; csrf_token_018b3276481ebb3ed7c9e3160df21aa52759e54263b68d3a9765a680f724dd55=U+VHIpLnT8OQVgKoJ3ubVvCJunGFmGJkPvnTEuaDioE=; ory_kratos_continuity=MTcwMTYyMTE5NnxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fGsygNq_OmdAIWNmbxTzMyCmCJhQ2QifnE-3I6cw7Oi1; _ga_8JBJY7ZDMX=GS1.1.1701620574.1.1.1701621199.0.0.0] referer:https://accounts.google.com/ sec-ch-ua:"Google Chrome";v="119", "Chromium";v="119", "Not?A_Brand";v="24" sec-ch-ua-mobile:?1 sec-ch-ua-platform:"Android" sec-fetch-dest:document sec-fetch-mode:navigate sec-fetch-site:cross-site sec-fetch-user:?1 upgrade-insecure-requests:1 user-agent:Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36 x-forwarded-for:2001:448a:1082:9fb4:b4e8:a38e:e954:272c, 2001:448a:1082:9fb4:b4e8:a38e:e954:272c x-forwarded-proto:https x-real-ip:2001:448a:1082:9fb4:b4e8:a38e:e954:272c] host:auth.myapp.ink method:GET path:/self-service/methods/oidc/callback/google 
query:state=YzNmM2Y0NDMtZjNkOS00YWFlLWI4NTMtNjcxYjY4MjY2ZWE4Og4GN4_w00pZurzl-QG-ogY&code=4%2F0AfJohXluI4mC9izPRCY3WWC5XqSRnJEbNi3Ezg6W1ftfIaV9u-WxFhd22hqlv7goMzIF2Q&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid&authuser=2&prompt=none remote:127.0.0.1:55362 scheme:http] service_name=Ory Kratos service_version=v1.0.0
myappink-kratos-1 | time=2023-12-03T16:33:27Z level=error msg=An error occurred and is being forwarded to the error user interface. audience=application error=map[message:aborted registration hook execution] http_request=map[headers:map[accept:text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 accept-encoding:gzip accept-language:en-US,en;q=0.9 cdn-loop:cloudflare cf-connecting-ip:2601:680:cc00:3340:f975:8df:ba8a:a974 cf-ipcountry:US cf-ray:82fd3601efd5ce48-SJC cf-visitor:{"scheme":"https"} cookie:[_ga_8JBJY7ZDMX=GS1.1.1701621167.1.1.1701621195.0.0.0; ory_kratos_continuity=MTcwMTYyMTE5NXxEdi1CQkFFQ180SUFBUkFCRUFBQVhfLUNBQUVHYzNSeWFXNW5EQ01BSVc5eWVWOXJjbUYwYjNOZmIybGtZMTloZFhSb1gyTnZaR1ZmYzJWemMybHZiZ1p6ZEhKcGJtY01KZ0FrTW1FNFpqVXdOVE10WXpJMU15MDBPRFJqTFdFd05ESXRZV1ZqTkRBeVlXRTVZalpqfOQxwJS60bQXIy1Jxcp-Wc-TJrZU1MnzeGvB9IHCAufq; _ga=GA1.1.143816976.1701621167; csrf_token_018b3276481ebb3ed7c9e3160df21aa52759e54263b68d3a9765a680f724dd55=h/0sb+EhMy/BAdnUbovpkxWO7Qoc5kXhxn8hXPGrchQ=; cf_clearance=Bvxn7J4RytzsyqEyXGrBvn5PZmiKMyO0MmCzjLRGt10-1701620839-0-1-e1871b73.bda53fa5.b6864493-0.2.1701620839] referer:https://accounts.google.com/ user-agent:Mozilla/5.0 (iPhone; CPU iPhone OS 16_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Mobile/15E148 Safari/604.1 x-forwarded-for:2601:680:cc00:3340:f975:8df:ba8a:a974, 2601:680:cc00:3340:f975:8df:ba8a:a974 x-forwarded-proto:https x-real-ip:2601:680:cc00:3340:f975:8df:ba8a:a974] host:auth.myapp.ink method:GET path:/self-service/methods/oidc/callback/google query:state=ZmRlN2E4NzItNDM3YS00ZWU3LTgwYTYtOTZhOGE1NDNhNzg0Oj3BwObNTUpisbj8Yiwqwrw&code=4%2F0AfJohXngl2kH_5D1DMiqFVmT4tlaW7K0pd80OAVBi-cEq-1FFriMdY8lBx4skpFsJBcbHA&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=4&prompt=none remote:127.0.0.1:51914 scheme:http] service_name=Ory Kratos service_version=v1.0.0
myappink-kratos-1 | time=2023-12-03T16:33:52Z level=error msg=Webhook request failed audience=application duration=1.18235498s error=map[message:1 validation errors occurred:
myappink-kratos-1 | (0) I[#/traits/username] S[] a webhook target returned an error] otel=map[span_id:0000000000000000 trace_id:00000000000000000000000000000000] service_name=Ory Kratos service_version=v1.0.0
Reproducing the bug
I can't reproduce this problem. But Ory is full of these logs.
Relevant log output
No response
Relevant configuration
No response
Version
v1.0.0
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
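
A triage aid for the error in the logs above, added here as an example and not part of the original report or of Kratos: it checks whether an `ory_kratos_continuity` cookie value carries the `ory_kratos_oidc_auth_code_session` key the callback looks for. It assumes the unencrypted gorilla/securecookie layout used by the cookie store in the stack trace; `HasOIDCKey` and `SampleCookie` are hypothetical names, and the sample cookies are constructed.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/gob"
	"fmt"
)

const oidcKey = "ory_kratos_oidc_auth_code_session" // key named in the logged error

// HasOIDCKey reports whether a continuity cookie carries oidcKey. Assumed layout:
// base64url(timestamp "|" base64url(gob map) "|" MAC). The MAC is not verified: triage only.
func HasOIDCKey(cookie string) (bool, error) {
	raw, err := base64.URLEncoding.DecodeString(cookie)
	if err != nil {
		return false, fmt.Errorf("outer base64: %w", err)
	}
	parts := bytes.SplitN(raw, []byte("|"), 3) // the MAC bytes may contain '|'
	if len(parts) != 3 {
		return false, fmt.Errorf("expected timestamp|value|mac, got %d parts", len(parts))
	}
	payload, err := base64.URLEncoding.DecodeString(string(parts[1]))
	if err != nil {
		return false, fmt.Errorf("inner base64: %w", err)
	}
	values := map[interface{}]interface{}{}
	if err := gob.NewDecoder(bytes.NewReader(payload)).Decode(&values); err != nil {
		return false, fmt.Errorf("gob: %w", err)
	}
	_, ok := values[oidcKey]
	return ok, nil
}

// SampleCookie builds a constructed cookie in the assumed layout (placeholder MAC).
func SampleCookie(values map[interface{}]interface{}) string {
	var buf bytes.Buffer
	if err := gob.NewEncoder(&buf).Encode(values); err != nil {
		panic(err)
	}
	inner := base64.URLEncoding.EncodeToString(buf.Bytes())
	return base64.URLEncoding.EncodeToString([]byte("1700000000|" + inner + "|constructed-mac"))
}

func main() {
	with := SampleCookie(map[interface{}]interface{}{oidcKey: "constructed-flow-id"})
	fmt.Println(HasOIDCKey(with))                                        // cookie set when the flow started
	fmt.Println(HasOIDCKey(SampleCookie(map[interface{}]interface{}{}))) // cookie present, key missing
}
```

A cookie that decodes but lacks the key corresponds to the logged "does not exist in cookie" case: a continuity cookie reached the callback, but not the one written when that OIDC flow began.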