DotNetOpenId — “This message has already been processed” Error

Question

I'm starting with OpenId using the dotnetopenid library and, so far, so good, but when I try to login, it shows me the following message:

This message has already been processed. This could indicate a replay attack in progress.

The first time I used my app it failed and, after that, the above message it is always returned.

How can I "logout" the user that I'm using for testing or how can I can clear the request so I can login/logout?

Thanks in advance! =)

Answer 1

I found the problem, a seely problem as usual...

I was calling the GetResponse more than once, and that got me error message.

Sorry for the inconvenience and thanks for your answers =)

Answer 2

The replay attack message is usually because you clicked Refresh on the browser while the the URL in your browser still has a bunch of OpenID parameters in it. Try clearing off everything after the ? mark, or just retype the URL and press enter. If that doesn't work, then try adding a question mark to the URL and pressing enter.

How to log off? DotNetOpenId defaults to using forms authentication, so you can sign the user off by calling FormsAuthentication.SignOut().

Answer 3

In some versions of dotnetopenauth you can also get:

This message has already been processed. This could indicate a replay attack in progress.

if your maxAuthenticationTime value is too low (which is obviously not related to the error in any way - but that is a different issue). I experienced this just today.

To increase this value, edit the config entry as shown at http://www.dotnetopenauth.net/developers/help/configuration-options/ (I suggest setting to 0:10).