Session state missing in python social auth


I followed this tutorial (https://artandlogic.com/2014/04/tutorial-adding-facebooktwittergoogle-authentication-to-a-django-application/) and I am getting the following error. I have hosted my server on an EC2 instance and I have a domain http://(xyz).com. I also saw the answer to this question (Session value missing after redirect with django python-social-auth) but I am not getting any help.

Here is the stack trace in text

 AuthStateMissing at /api/user/complete/google-oauth2/
Session value state missing.
Request Method: GET
Request URL:    http://interviewmiles.com:8000/api/user/complete/google-oauth2/?state=9Sa5JSkbcAbbGzBtqpx6jtbLCuJPe6kJ&code=4/c4VTig14u7THYLd1M4VoTRf1dnq58wp6S68EbkSwhZs&authuser=0&session_state=8aa4e419c219643dc264950a24151457677d99ae..b805&prompt=none
Django Version: 1.9.7
Exception Type: AuthStateMissing
Exception Value:    
Session value state missing.
Exception Location: /usr/local/lib/python2.7/site-packages/social/backends/oauth.py in validate_state, line 88
Python Executable:  /usr/bin/python
Python Version: 2.7.10
Python Path:    
['/home/ec2-user/interviewmiles/login',
 '/usr/local/lib/python2.7/site-packages/django_cors_headers-1.1.0-py2.7.egg',
 '/usr/lib64/python27.zip',
 '/usr/lib64/python2.7',
 '/usr/lib64/python2.7/plat-linux2',
 '/usr/lib64/python2.7/lib-tk',
 '/usr/lib64/python2.7/lib-old',
 '/usr/lib64/python2.7/lib-dynload',
 '/usr/local/lib64/python2.7/site-packages',
 '/usr/local/lib/python2.7/site-packages',
 '/usr/lib64/python2.7/site-packages',
 '/usr/lib/python2.7/site-packages',
 '/usr/lib64/python2.7/dist-packages',
 '/usr/lib64/python2.7/dist-packages/PIL',
 '/usr/lib/python2.7/dist-packages']

/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py in get_response
                response = self.process_exception_by_middleware(e, request) ...
/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py in get_response
                    response = wrapped_callback(request, *callback_args, **callback_kwargs) ...
/usr/local/lib/python2.7/site-packages/django/views/decorators/cache.py in _wrapped_view_func
        response = view_func(request, *args, **kwargs) ...
/usr/local/lib/python2.7/site-packages/django/views/decorators/csrf.py in wrapped_view
        return view_func(*args, **kwargs) ...
/usr/local/lib/python2.7/site-packages/social/apps/django_app/utils.py in wrapper
            return func(request, backend, *args, **kwargs) ...
/usr/local/lib/python2.7/site-packages/social/apps/django_app/views.py in complete
                       redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) ...
/usr/local/lib/python2.7/site-packages/social/actions.py in do_complete
        user = backend.complete(user=user, *args, **kwargs) ...
/usr/local/lib/python2.7/site-packages/social/backends/base.py in complete
        return self.auth_complete(*args, **kwargs) ...
/usr/local/lib/python2.7/site-packages/social/utils.py in wrapper
            return func(*args, **kwargs) ...
/usr/local/lib/python2.7/site-packages/social/backends/oauth.py in auth_complete
        state = self.validate_state() ...
/usr/local/lib/python2.7/site-packages/social/backends/oauth.py in validate_state
            raise AuthStateMissing(self, 'state')

There are 3 answers

1
Ícaro On

I had this problem because I was setting the Django configuration below. Removing it solved this error and I could log in normally.

# DO NOT set this, it's what caused the error
SESSION_COOKIE_SAMESITE = "None"

I'm on Django==3.1.8

0
Eugene Kovalev On

I solved this problem by setting

SOCIAL_AUTH_FIELDS_STORED_IN_SESSION = ['state']
SESSION_COOKIE_SECURE = False

in settings.py

0
dsaves On

I managed to FINALLY solve this problem by setting

SOCIAL_AUTH_REDIRECT_IS_HTTPS = True

in my settings.py file.

My production server uses nginx to redirect HTTP to HTTPS, and this was the cause for the session state to go missing. Good luck-- hope this helps!
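
An added example, not part of any answer above and not python-social-auth's own code: a simplified model of the OAuth state check that raises the error in the question, showing how the session copy of state disappears when the browser does not return the session cookie on the callback. It assumes two browser cookie rules (Secure cookies are sent only over HTTPS; a SameSite=None cookie without Secure is discarded), and every function name here is hypothetical.

```python
import hmac
import secrets

class AuthStateMissing(Exception):
    """Stand-in for the exception in the trace; not imported from the library."""

class AuthStateForbidden(Exception):
    """Raised when the callback state differs from the stored one."""

SESSIONS = {}  # constructed server-side session store: session id -> data

def start_login(cookie_secure, cookie_samesite="Lax"):
    """Begin the flow: keep a random state in the session, hand out a cookie."""
    sid, state = secrets.token_urlsafe(16), secrets.token_urlsafe(24)
    SESSIONS[sid] = {"state": state}
    cookie = {"sid": sid, "secure": cookie_secure, "samesite": cookie_samesite}
    return cookie, state

def browser_sends(cookie, callback_scheme):
    """Modelled browser: return the session id it would send, or None."""
    if cookie["samesite"] == "None" and not cookie["secure"]:
        return None  # assumed rule: SameSite=None without Secure is dropped
    if cookie["secure"] and callback_scheme != "https":
        return None  # Secure cookies never travel over plain http
    return cookie["sid"]

def complete_login(sid, request_state):
    """Callback handler: compare the state parameter with the session copy."""
    stored = SESSIONS.get(sid, {}).get("state")
    if not stored:
        raise AuthStateMissing("Session value state missing.")
    if not hmac.compare_digest(stored, request_state):
        raise AuthStateForbidden("Wrong state parameter given.")
    return "authenticated"

def run_flow(callback_scheme, cookie_secure, cookie_samesite="Lax"):
    """One full login; the provider echoes the state back on the callback."""
    cookie, state = start_login(cookie_secure, cookie_samesite)
    sid = browser_sends(cookie, callback_scheme)
    try:
        return complete_login(sid, state)
    except AuthStateMissing as exc:
        return "AuthStateMissing: %s" % exc

if __name__ == "__main__":
    for scheme, secure, samesite in [("https", True, "Lax"), ("http", True, "Lax"),
                                     ("http", False, "Lax"), ("https", False, "None")]:
        print(scheme, secure, samesite, "->", run_flow(scheme, secure, samesite))
```

In this model the error appears whenever the callback scheme and the cookie flags disagree; a callback that arrives over HTTPS with a Secure cookie passes the check without weakening the cookie.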