Question

I'm hosting my PHP Yii application on AWS Elastic Beanstalk and hence using the database to store sessions. I've successfully implemented Facebook login using Hybridauth on a shared hosting environment. When I host on Elastic Beanstalk, Facebook login gives the error:

"You cannot access this page directly"

The URL ends up as:

http://mydomain.com/hybridauth/default/callback?hauth.start=Facebook&hauth.time=1393106016

I've learnt from here that this is related to Facebook calling back to the application but finding a different session. Endpoint.php then throws the error:

    # Init Hybrid_Auth
    try {
        // Check if Hybrid_Auth session already exist
        if ( ! isset( $_SESSION["HA::CONFIG"] ) ) {
            header( "HTTP/1.0 404 Not Found" );
            die( "You cannot access this page directly." );
        }

How can I ensure Facebook calls back to the same session and successfully signs in with Hybridauth?

No correct solution

OTHER TIPS

It's due to the PHP session name. If you have changed the session name in the config file of Yii, then you have to add session_name('samar_v4'); in the file protected/modules/user/vendors/hybridauth/Hybrid/Endpoint.php at the start of the function authInit.

Check your Facebook application's redirect URL. Facebook doesn't allow multiple redirect URLs. So each time you change your hosting/domain/address, you'll have to reconfigure the Facebook application's redirect URL or use a different set of credentials.

Also your redirect URL should be something like this: http://mydomain.com/hybridauth/?hauth.done=Facebook

This worked for me as well:

"base_url" => "https://example.com/inc/hybridauth/",

I changed it to

"base_url" => "https://".$_SERVER['HTTP_HOST']."/inc/hybridauth/",

For me it worked on the main domain but not on a subdomain. I worked out it was the base_url in config.php that caused the error.

Instead of

"base_url" => "https://mydomain.com/inc/hybridauth/",

I changed it to

"base_url" => "https://".$_SERVER['HTTP_HOST']."/inc/hybridauth/",

Now it works anywhere I put it.

For anyone else struggling with this issue, and it's not related to the www-domain registration issue, my problem had to do with not being able to write to the PHP session directory. Not sure how or when it was altered, but if you cannot write to /var/lib/php/5.5/session, hybridauth will not work.

As per the other answers, I believe this is a session problem, perhaps the session is started under the wrong domain and then cannot be re-fetched under the other domain.

I solved this by removing various ServerAlias settings from my development Apache config.

This 'caused' the error:

ServerName mydomain.com.au.localhost
ServerAlias www.mydomain.com.au.localhost
# using this one:
ServerAlias localhost.mydomain.com.au

This fixed the error:

#ServerName mydomain.com.au.localhost
#ServerAlias www.mydomain.com.au.localhost
# using this one:
ServerName localhost.mydomain.com.au

apachectl restart

(I normally use mydomain.com.au.localhost so I'm leaving them in for later use.)

I had the same issue using Hybrid Auth 2.8. It relates to our custom session handler which is set by session_set_save_handler(). Hybrid Auth uses standard PHP sessions, so after redirecting and opening a new session, Hybrid Auth starts using standard PHP file sessions instead of your custom session handler. This results in the loss of config data from our session and getting this error message.

I resolved this issue by adding our own custom session handler at the top of hybridauth/index.php (located in the same dir as config.php and live.php). This forces Hybrid Auth to use your custom session handler.

I ran into this problem, which seemed unsolvable. I was about to give up when my instinct led me to run a test, and voilà, everything was working.

For anyone with the same problem, I have a question: is the file that calls the API in the same directory?

It only worked for me when I put my file in the same folder as the config.php file. Try it there and tell me if it works!

A hug and greetings to all!

I solved my particular HybridAuth "You cannot access this page directly" error with the domain name on the session cookie. My app exists on a subdomain and I'd designed the redirect to point to socialize.sub.domain.tld, and the cookie wasn't reaching the _Endpoint.

Changing the session domain to .domain.tld solved it. - Hope this helps :)
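The session-related fixes in the answers above (matching session name, shared cookie domain, custom save handler, writable save path) can be applied in one place. The following is an added example, not part of any answer and not Hybridauth's own code. The file name session_bootstrap.php, the function bootstrap_shared_session(), the APP_* constants and $appHandler are hypothetical names, and the constant values are placeholders taken from the answers.

```php
<?php
// session_bootstrap.php (hypothetical file): include from BOTH the application's
// entry script and hybridauth/index.php, before anything calls session_start().

// Assumed values; they must match what the application itself uses.
const APP_SESSION_NAME  = 'samar_v4';    // the session name set in the app config
const APP_COOKIE_DOMAIN = '.domain.tld'; // parent domain covering app and callback host
const APP_COOKIE_SECURE = true;          // false only if the site is served over plain HTTP

function bootstrap_shared_session($handler = null)
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('Session already started; include this file earlier.');
    }
    session_name(APP_SESSION_NAME);
    // Positional arguments: lifetime, path, domain, secure, httponly.
    session_set_cookie_params(0, '/', APP_COOKIE_DOMAIN, APP_COOKIE_SECURE, true);

    if ($handler instanceof SessionHandlerInterface) {
        // The same custom handler the application registers (for example a
        // database-backed one), so the callback reads the same session store.
        session_set_save_handler($handler, true);
    } elseif (ini_get('session.save_handler') === 'files') {
        // session.save_path may look like "N;/path" or "N;MODE;/path"; keep the path part.
        $parts = explode(';', (string) session_save_path());
        $path  = end($parts) ?: sys_get_temp_dir();
        if (!is_dir($path) || !is_writable($path)) {
            throw new RuntimeException("Session save path is not writable: $path");
        }
    }
    if (!session_start()) {
        throw new RuntimeException('session_start() failed.');
    }
    return session_id();
}

// In hybridauth/index.php (constructed usage; $appHandler is whatever object the
// application passes to session_set_save_handler(), or omit it for file sessions):
//
//   require_once __DIR__ . '/../session_bootstrap.php';
//   bootstrap_shared_session($appHandler);
//   require_once 'Hybrid/Auth.php';
//   require_once 'Hybrid/Endpoint.php';
//   Hybrid_Endpoint::process();
```

If the session ID returned on the page that starts the login differs from the one returned on the callback request, the cookie name or domain still does not match between the two hosts.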

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow