"You cannot access this page directly" - Hybrid Auth

9

15

I'm hosting my PHP Yii application on AWS Elastic Beanstalk and hence using the database to store sessions. I've successfully implemented Facebook login using Hybridauth on a shared hosting environment. When I host on Elastic Beanstalk, Facebook login gives the error:

"You cannot access this page directly"

The URL ends up as:

http://mydomain.com/hybridauth/default/callback?hauth.start=Facebook&hauth.time=1393106016

I've learnt from here that this is related to Facebook calling back to the application but finding a different session. Endpoint.php then throws the error:

    # Init Hybrid_Auth
    try {
        // Check if Hybrid_Auth session already exist
        if ( ! isset( $_SESSION["HA::CONFIG"] ) ) {
            header( "HTTP/1.0 404 Not Found" );
            die( "You cannot access this page directly." );
        }

How can I ensure Facebook calls back to the same session and successfully signs in with Hybridauth?

Photoelectrotype answered 22/2, 2014 at 21:57 Comment(4)
Are you using a plugin or are you using a direct implementation? - Hamamelidaceous
Sorry, I don't fully understand the question. I've implemented this extension - yiiframework.com/extension/hybridauth - into my Yii app. - Photoelectrotype
Did you get a solution? - Parmesan
Same problem for me when I use ZF2 with Hybrid Auth and use a DB handler for sessions. Using the session directly works as expected. - Orville
5

It's due to the PHP session name. If you have changed the session name in the config file of Yii, then you have to add this session_name('samar_v4'); in the file protected/modules/user/vendors/hybridauth/Hybrid/Endpoint.php at the start of the function authInit.

Oxa answered 23/11, 2015 at 12:3 Comment(0)
3

Check your Facebook application's redirect URL. Facebook doesn't allow multiple redirect URLs. So each time you change your hosting/domain/address, you'll have to reconfigure the Facebook application's redirect URL or use a different set of credentials.

Also your redirect URL should be something like this: http://mydomain.com/hybridauth/?hauth.done=Facebook

Containerize answered 3/3, 2014 at 19:4 Comment(1)
Thanks for your answer. I've ensured this is configured correctly, it's not this problem, sadly. - Photoelectrotype
2

This worked for me as well:

"base_url" => "https://example.com/inc/hybridauth/",

I changed it to

"base_url" => "https://".$_SERVER['HTTP_HOST']."/inc/hybridauth/",

Ogawa answered 16/3, 2015 at 13:39 Comment(0)
1

For me it worked on the main domain but not on a subdomain. I worked out it was the base_url in config.php that caused the error.

Instead of

"base_url" => "https://mydomain.com/inc/hybridauth/",

I changed it to

"base_url" => "https://".$_SERVER['HTTP_HOST']."/inc/hybridauth/",

Now it works anywhere I put it.

Amur answered 14/9, 2014 at 6:43 Comment(2)
I tried your answer in a plugin that I am developing for my website, since it's not based on any standard MVC framework. I was also getting the page cannot be displayed problem, but after I changed the base URL to "base_url" => "https://".$_SERVER['HTTP_HOST']."/inc/hybridauth/", it now says: An error occurred during a connection to wstation.wzx.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) - Charissecharita
Hi @Vikram, that's an SSL issue you have now. If you are not using SSL just change https to http, or better if you use both "//".$_SERVER['HTTP_HOST']."/inc/hybridauth/". See more info about the error you mentioned at #119836 - Amur
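Both answers above build base_url from $_SERVER['HTTP_HOST'], which PHP copies from the request's Host header, and the comments show the scheme also has to match the deployment. The following is an added example, not code from the answers or from HybridAuth: the function name, the allowlist and the $trustProxy switch are assumptions, and the host names and /inc/hybridauth/ path are the placeholders used on this page.

```php
<?php
/**
 * Build HybridAuth's base_url from the request, but only for hosts we serve.
 * HTTP_HOST comes from the client's Host header, so it is checked against an
 * allowlist before it is placed in a URL that drives the login redirects.
 * Note: HTTP_HOST may carry a port (host:8080); list such values explicitly.
 */
function hybridauth_base_url(array $server, array $allowedHosts, bool $trustProxy = false): string
{
    $host = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, $allowedHosts, true)) {
        $host = $allowedHosts[0];          // unknown host: use the canonical one
    }

    $https = !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
    // Behind a TLS-terminating load balancer PHP sees plain HTTP; honour the
    // forwarded scheme only when the deployment is known to sit behind one.
    if ($trustProxy && strtolower((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')) === 'https') {
        $https = true;
    }

    return ($https ? 'https' : 'http') . '://' . $host . '/inc/hybridauth/';
}

// Hosts this installation answers for; the first entry is the canonical one.
$allowed = ['mydomain.com', 'www.mydomain.com', 'sub.mydomain.com'];

$config = [
    'base_url' => hybridauth_base_url($_SERVER, $allowed),
    // 'providers' => [...] as in the existing config.php
];

// Constructed requests: a served host over HTTPS, an unknown Host header,
// and a request that reached PHP through a TLS-terminating proxy.
$samples = [
    [['HTTP_HOST' => 'sub.mydomain.com', 'HTTPS' => 'on'], false],
    [['HTTP_HOST' => 'unknown.example'], false],
    [['HTTP_HOST' => 'www.mydomain.com', 'HTTP_X_FORWARDED_PROTO' => 'https'], true],
];
foreach ($samples as [$server, $trustProxy]) {
    echo hybridauth_base_url($server, $allowed, $trustProxy), PHP_EOL;
}
```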
1

For anyone else struggling with this issue, and it's not related to the www-domain registration issue, my problem had to do with not being able to write to the PHP session directory. Not sure how or when it was altered, but if you cannot write to /var/lib/php/5.5/session, hybridauth will not work.

Williswillison answered 27/2, 2015 at 21:12 Comment(0)
1

As per the other answers, I believe this is a session problem, perhaps the session is started under the wrong domain and then cannot be re-fetched under the other domain.

I solved this by removing various ServerAlias settings from my development Apache config.

This 'caused' the error:

ServerName mydomain.com.au.localhost
ServerAlias www.mydomain.com.au.localhost
ServerAlias localhost.mydomain.com.au        # << using this one

This fixed the error:

#ServerName mydomain.com.au.localhost
#ServerAlias www.mydomain.com.au.localhost
ServerName localhost.mydomain.com.au        # << using this one

apachectl restart

(I normally use mydomain.com.au.localhost so I'm leaving them in for later use.)

Sphenoid answered 16/6, 2016 at 1:18 Comment(0)
1

I had the same issue using Hybrid Auth 2.8. It relates to our custom session handler which is set by session_set_save_handler(). Hybrid Auth uses standard PHP sessions, so after redirecting and opening a new session, Hybrid Auth starts using standard PHP file sessions instead of your custom session handler. This results in the loss of config data from our session and getting this error message.

I resolved this issue by adding our own custom session handler at the top of hybridauth/index.php (located in the same dir as config.php and live.php). This forces Hybrid Auth to use your custom session handler.

Chrysa answered 9/2, 2017 at 10:45 Comment(0)
0

I found this problem, which seemed unsolvable. I was giving up; that's when my instinct led me to do a test, and voilà, everything was working.

For anyone with the same problem, I have a question: is the file that calls the API in the same directory?

It only worked for me when I put my file in the same folder as the config.php file. Try it there and tell me if it works!

A hug and greetings to all!

Brighten answered 26/5, 2016 at 21:36 Comment(0)
0

I solved my particular HybridAuth "You cannot access this page directly" error with the domain name on the session cookie. My app exists on a subdomain and I'd designed the redirect to point to socialize.sub.domain.tld, and the cookie wasn't reaching the _Endpoint.

Changing the session domain to .domain.tld solved it. - Hope this helps :)

Caul answered 23/8, 2016 at 0:40 Comment(0)
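Three of the answers above trace the error to the endpoint starting a different session from the application's: a different session name, a different save handler, or a cookie whose domain does not cover the callback host. The following is an added example, not code from the answers or from HybridAuth, of one bootstrap file required by both the application and hybridauth/index.php; the file name, class, sessions table and its columns are assumptions, and it assumes PHP 8 with a database that supports REPLACE INTO.

```php
<?php
// session_bootstrap.php (hypothetical name): require it from the application's entry
// script AND as the first line of hybridauth/index.php, so both use the same session.
// Assumed table: sessions(id PRIMARY KEY, data, updated_at).
final class PdoSessionHandler implements SessionHandlerInterface
{
    private PDO $pdo;

    public function __construct(PDO $pdo) { $this->pdo = $pdo; }
    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }

    public function read($id): string
    {
        $q = $this->pdo->prepare('SELECT data FROM sessions WHERE id = ?');
        $q->execute([$id]);
        $data = $q->fetchColumn();
        return $data === false ? '' : (string) $data;   // unknown id: empty session
    }

    public function write($id, $data): bool
    {
        $q = $this->pdo->prepare('REPLACE INTO sessions (id, data, updated_at) VALUES (?, ?, ?)');
        return $q->execute([$id, $data, time()]);
    }

    public function destroy($id): bool
    {
        return $this->pdo->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc($max_lifetime): int
    {
        $q = $this->pdo->prepare('DELETE FROM sessions WHERE updated_at < ?');
        $q->execute([time() - $max_lifetime]);
        return $q->rowCount();
    }
}

function start_shared_session(PDO $pdo): void
{
    session_name('samar_v4');                       // same name the app config sets
    session_set_cookie_params([
        'path' => '/', 'domain' => '.domain.tld',   // sent to every subdomain
        // Lax still sends the cookie on the provider's redirect back; Strict would not.
        'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_set_save_handler(new PdoSessionHandler($pdo), true);
    session_start();
}
```

A cookie scoped to .domain.tld is sent to every subdomain, so use the parent domain only when all of them are under your control; otherwise keep the application and the endpoint on one host.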
