Session Removal Issue in Axum Project

[mann1996]

I’ve successfully implemented Google OAuth in my Axum project, but I’m encountering an issue where the session gets removed on every request. I have followed the oauth example provided in docs. Here are the details:

Problem: The session data is not persisting across requests, leading to frequent logouts and re-authentication.

Setup:

• I’m using the Axum framework.
• Authentication is working fine with Google OAuth.
• PostgreSQL for storing user.
• I’m using the Memory store.

Observations: The session is created during login but disappears after subsequent requests.

I already searched existing issues for similar problems. Gone through this discussion. I tried firefox and chrome but both have same issue.

Logs

REPO: https://github.com/mann1996/test-axum-login

Request for Assistance:

• Seeking advice on troubleshooting steps.
• Any insights or suggestions from the community would be greatly appreciated.

I am a beginner in Rust and apologise in advance for any dumb mistake.

[maxcountryman]

Can you enable trace-level logging? The "removing session cookie" bit means that the session is empty for some reason (in which case it's removed and on the next request a new one is created).

[mann1996]

First request is from google oauth redirect (callback) and 2nd is redirect to protected route after success.
I have tried the github example and its working fine.

Here's a link to my code https://github.com/mann1996/test-axum-login

[maxcountryman]

The important take away from your logs is that the session is being removed because it's empty. Something is causing the session to be cleared after it's successfully loaded from the store (or possibly it's also loaded this way, so you might want to check what's actually in your store). If you can figure out what's causing that then the fix should be just a matter of addressing that.

[mann1996]

I tried with debug mode and I see some values in session just before redirect happens. I am not aware if theres any function to inspect session values. let me know if there is.

After this everything is same as oauth example but session gets removed in my case.

[essecara]

I have the same behaviour with the sqlite client. Is there any update to this issue? :)

[maxcountryman]

If it's an issue with the redirect, please make sure your session cookie is set to SameSite=Lax otherwise the browser may remove it as a safety measure.

If it's a different issue, please open a new discussion with more details.