Clicking on Login With Github on travis-ci.org fails with "state mismatch"

Travis CI Discussions & Feedback
1

Similar to Cannot login to travis-ci.org: "state mismatch" (via GitHub)

2

Had the same problem recently. Cleaning cookies helped.

It looks like a recent change in server code doesn’t play nice with a cookie set by an older version of server code.

3

It would really help troubleshooting if you provide full content of a failing request (your browser’s development tools should be able to provide this).

4

Here’s all the requests and responses:

GET /auth/handshake?redirect_uri=https://travis-ci.org/ HTTP/1.1
Host: api.travis-ci.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://travis-ci.org/
Cookie: travis.state=ZAI6gHmlu4uZmGItwfHG_g%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F; travis.state=9hzIuMFpiyvE-1iaFpGTzg%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F; __stripe_mid=818e2f3b-ab9c-4719-bf66-57f61b73d2f6; __stripe_sid=ebef2c17-8ee4-4706-8db3-c8d3be622a66
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Connection: keep-alive
Server: nginx
Date: Tue, 12 Nov 2019 01:08:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
X-Endpoint: Travis::Api::App::Endpoint::Authorization
X-Pattern: /handshake
X-Oauth-Scopes: public
X-Accepted-Oauth-Scopes: public
Vary: Accept,Accept-Encoding
Set-Cookie: travis.state=IeXobJCTEjXILIzoNgIqpA%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F; secure
Location: https://github.com/login/oauth/authorize?client_id=f244293c729d5066cf27&redirect_uri=https%3A%2F%2Fapi.travis-ci.org%2Fauth%2Fhandshake&scope=read%3Aorg%2Cuser%3Aemail%2Crepo_deployment%2Crepo%3Astatus%2Cwrite%3Arepo_hook&state=IeXobJCTEjXILIzoNgIqpA%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F
Content-Encoding: gzip
Cache-Control: private
X-Rack-Cache: miss
X-Request-Id: 70eb5159-d932-4fe6-83e8-870bb774107d
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Type, Cache-Control, Expires, Etag, Last-Modified, X-Request-ID
Via: 1.1 vegur

GET /login/oauth/authorize?client_id=f244293c729d5066cf27&redirect_uri=https%3A%2F%2Fapi.travis-ci.org%2Fauth%2Fhandshake&scope=read%3Aorg%2Cuser%3Aemail%2Crepo_deployment%2Crepo%3Astatus%2Cwrite%3Arepo_hook&state=IeXobJCTEjXILIzoNgIqpA%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://travis-ci.org/
DNT: 1
Connection: keep-alive
Cookie: logged_in=yes; _octo=GH1.1.1557147011.1541118579; _device_id=2731c2ae183205f9ef5aa7d139a982c2; user_session=oeCFemMLU2z7l8VkooN_RBW8-OVFBcUcla-HkmXNIrsTp9Rz; dotcom_user=shosca; has_recent_activity=1; ignored_unsupported_browser_notice=false; _gh_sess=WllWMkFqTWJBUEp0N2MyL28rTTQ4UlJQQ3RnclJabzlwSFhBUlZsRFNqQk9INk9CWTFaVjVRQmdTeXpNamozRkFvbUJMMHJlaVI4SFZqdUYxdHBXUERUbDNkcU1ZWXNBNlFWbzBvTDlDWmh4akZoeXJ2b2R6aWF5RnFEWFljRW1Wb0kyUC96eDNMeVhJRTVJOGdkYU1GY2duSWs2ZTFFeU1FNTR0dmVtc3p2LzhBOU9ZZnF2ZWdNZDJKQncxMzRneThLTmhnU0RCZ0xlM3BnM2xLT0lmREpNckdib09OTmkzTFRaQjAwekhiVldKZDNlRGFuZ0hubmo5ZDc1ZUFndCtTdVhGUTNLZHdrSEdDeFRsQ21YTlZ3YlB6ZWdWTS9vR08zOE1xTGV3bjJZNndWSjlkR3Z0c0M0RjN2TjFpOG80djBDQzZpNG90YzFvUjNYL1R4QmpJb3BPUXdVSFpic3drMC9vWWpBZVNFMklUYzlSV2N2QUlDbjRncklmcFFuLS1Vd2RKeDZLbjJNeVZrcHQvUEF6eURnPT0%3D--773ce1a47050e098375798a00a7dcf7ccc2f567e; tz=America%2FNew_York
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: GitHub.com
Date: Tue, 12 Nov 2019 01:08:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Status: 302 Found
Vary: X-PJAX
Location: https://api.travis-ci.org/auth/handshake?code=6c3d97478d2a392b1a4e&state=IeXobJCTEjXILIzoNgIqpA%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F
Cache-Control: no-cache
Set-Cookie: user_session=oeCFemMLU2z7l8VkooN_RBW8-OVFBcUcla-HkmXNIrsTp9Rz; path=/; expires=Tue, 26 Nov 2019 01:08:12 -0000; secure; HttpOnly
    __Host-user_session_same_site=oeCFemMLU2z7l8VkooN_RBW8-OVFBcUcla-HkmXNIrsTp9Rz; path=/; expires=Tue, 26 Nov 2019 01:08:12 -0000; secure; HttpOnly; SameSite=Strict
    has_recent_activity=1; path=/; expires=Tue, 12 Nov 2019 02:08:12 -0000
    _gh_sess=WDBVbHNqTTNRcWVNZmhOa3duSkNIZVBGOG9pV0tZanVGZVd5SzZPbS9EMGlxYzc5RDhFRitXNDd4cXRuMzJleE5Ick1GeWcwaFJINzJsWU9hTUFydzh5V3ZZUXYzditJcU0zbnd5QUZjVi9LNDdGZ2VGSkhjemV2cGo1YzZWTlFCLzdKZWc5eWIyemQvdE44aWRaendXQWoyWnNTNCtZUFlmV0FQZnlaRWhOMlVMYlZQckpXV1piYktpbGozbzJHRk9TWi9VTHcxcUt6TXQzUlI0QjdLbFQrRWJMU2RuL3B6UDBpejZINzBEUFBDQjAveE55WThxR3FBUlBjMko4ZHBwdVJkWmdJZEJ6SHFFNnNZbUdKYzZQSmlrK1cwU3ExRG5UZUpWYjdLU3BUd05sZ3poZ0dNc1dmOWlpUUFvQmkvM3I0cHdybCtpQlNXamdMMW5tM080cndaRnhzTERIRWd6QnVWUis0RDdJVkJaVDRNTmdzTEd1REM5MmEydnNVLS02L1VENnJqRnJCd0NrZEhJVE9lS0FBPT0%3D--bf8081d5fd8aa73947797d292d9c9d0b0df8182a; path=/; secure; HttpOnly
X-Request-Id: 9cc6e01a-0d5a-431a-b0b6-6bc36ed51ec9
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'self'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
X-GitHub-Request-Id: EBC2:5E71:120C1EF:1E36C19:5DCA05FC

GET /auth/handshake?code=6c3d97478d2a392b1a4e&state=IeXobJCTEjXILIzoNgIqpA%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F HTTP/1.1
Host: api.travis-ci.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://travis-ci.org/
DNT: 1
Connection: keep-alive
Cookie: travis.state=ZAI6gHmlu4uZmGItwfHG_g%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F; travis.state=IeXobJCTEjXILIzoNgIqpA%3A%3A%3Ahttps%3A%2F%2Ftravis-ci.org%2F; __stripe_mid=818e2f3b-ab9c-4719-bf66-57f61b73d2f6; __stripe_sid=ebef2c17-8ee4-4706-8db3-c8d3be622a66
Upgrade-Insecure-Requests: 1

HTTP/1.1 400 Bad Request
Connection: keep-alive
Server: nginx
Date: Tue, 12 Nov 2019 01:08:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
X-Endpoint: Travis::Api::App::Endpoint::Authorization
X-Pattern: /handshake
X-Oauth-Scopes: public
X-Accepted-Oauth-Scopes: public
Vary: Accept,Accept-Encoding
Content-Encoding: gzip
Cache-Control: private
X-Rack-Cache: miss
X-Request-Id: 234737b4-5541-4739-808a-25432263ea6f
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Type, Cache-Control, Expires, Etag, Last-Modified, X-Request-ID
Via: 1.1 vegur