Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

How do I set up Dropbox API for use on a multiple server environment/ load balancing?


Robin H.4
New member | Level 1

I am using the Dropbox PHP SDK WebAuth functions to allow my customers to authorize Dropbox to allow my site to list their items in Dropbox. The site just moved servers to Amazon ELB (Elastic Load Balancing). Now that I have multiple servers I am having issues getting Dropbox to work. I will get the CSRF mismatch error (request leaves from one server and returns on another).

I have moved the sessions to cookies (that's where I store the access token after the request) but I am having issues getting the authorize request working. Is there a way to make this work or do I need to build my Dropbox differently? I will post code if need be, but it pretty much follows the WebAuth example.

https://github.com/dropbox/dropbox-sdk-php/blob/master/lib/Dropbox/WebAuth.php

Thank you in advance,

Robin

9 Replies

Greg-DB
Dropbox Staff

The following would be helpful so we can offer some insight:

- the steps to reproduce the issue

- the full text of the error/any output

- the relevant code snippet(s), including any changes you made to "move the session's to cookies"

Robin H.4
New member | Level 1

Gregory, my code works on a single server (it's alive in production now).

Where the code sets/reads the session data, I just replaced it with cookies, which will have no bearing on handling the authorization request. The exact error is the generic "/dropbox-auth-finish: CSRF mismatch: expect ##########, got ########". This is because the request is leaving one server and returning on another. My logs show the request leave and return on different servers. I see no documentation on handling this workflow.

Have you built Dropbox to work with multi-servers before?

Greg-DB
Dropbox Staff

I'm still not clear what change you made exactly regarding the cookies and sessions, but that certainly would be relevant here, as the error is indicating that the CSRF token didn't match what was expected, and the SDK stores the expected CSRF token in the session. You can see that here in the SDK where the exception is thrown:

https://github.com/dropbox/dropbox-sdk-php/blob/9db8328c6c035baa0fee48291bd8bd93bcc714b0/lib/Dropbox...

We don't have any specific documentation on how to handle this in an environment like yours, and in any case I suspect it would be specific to the environment, so I recommend looking at how the code works, and updating your code and/or the SDK as necessary.

Robin H.4
New member | Level 1

I only changed the auth_finish part that retrieves the access token. I didn't change any function within the SDK. So if I change the SDK functions to use cookies instead of sessions it might fix this problem. I appreciate the insight.

If I can get the PHP SDK to work in a load balancing environment, can I hand it off to Dropbox and have them maintain the code officially? As more and more people are moving to services with multiple servers, I think it would be helpful.

Greg-DB
Dropbox Staff

If you have a patch for the SDK that you think will be useful to others, please feel free to submit a pull request on the dropbox-sdk-php project.

Robin H.4
New member | Level 1

If I can get to building this I would add a setting that allows the user to either use sessions or cookies.
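A stateless alternative to the session-stored token discussed in this thread, as an added example that is not part of the original posts or the Dropbox SDK: the OAuth `state` value is bound to the browser through an HMAC-signed cookie, so any node holding the shared key can verify the redirect and concurrent users cannot overwrite each other's token. The names `issueState`, `verifyState`, `STATE_TTL`, the cookie name `dbx_state` and the demo key are assumptions.

```php
<?php
// Added example: names below (issueState, verifyState, STATE_TTL) are hypothetical.
const STATE_TTL = 600; // seconds an authorization attempt stays valid

/** Runs on the node that starts the flow: returns the OAuth state and a signed cookie value. */
function issueState(string $key, int $now): array
{
    $nonce   = bin2hex(random_bytes(16));
    $payload = $nonce . '.' . ($now + STATE_TTL);
    return ['state' => $nonce, 'cookie' => $payload . '.' . hash_hmac('sha256', $payload, $key)];
}

/** Runs on whichever node receives the redirect: needs only the shared key. */
function verifyState(string $key, string $cookie, string $returnedState, int $now): bool
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 3) {
        return false;                              // malformed or missing cookie
    }
    [$nonce, $expires, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', "$nonce.$expires", $key), $mac)) {
        return false;                              // not issued by one of our nodes
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return false;                              // authorization attempt expired
    }
    return hash_equals($nonce, $returnedState);    // constant-time CSRF comparison
}

// Constructed demo: the key would come from configuration shared by every node.
$key = 'constructed-demo-key-load-from-shared-config';
$now = time();

$alice = issueState($key, $now);   // node A, first user's browser
$bob   = issueState($key, $now);   // node A, second user at the same moment

// In a web request the cookie would be sent with:
// setcookie('dbx_state', $alice['cookie'], ['expires' => $now + STATE_TTL, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

var_dump(verifyState($key, $alice['cookie'], $alice['state'], $now));        // redirect lands on node B
var_dump(verifyState($key, $alice['cookie'], $bob['state'], $now));          // state from another user's flow
var_dump(verifyState($key, $alice['cookie'] . 'x', $alice['state'], $now));  // tampered cookie
var_dump(verifyState($key, $alice['cookie'], $alice['state'], $now + STATE_TTL + 1)); // after expiry
```

`SameSite=Lax` is used because the return from the authorization page is a top-level GET navigation, which `Strict` would strip the cookie from. A shared session backend or load-balancer session stickiness addresses the same mismatch without replacing the session-based comparison.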

Thamaraiselvam
New member | Level 1

I got a similar issue.

I have hosted my Dropbox project on a server; when multiple people try to authorize using Dropbox auth at the same time, it creates a CSRF mismatch problem.

Example:

A user comes to the site and clicks on auth; the CSRF is set in the session and the user is redirected to the Dropbox page to authorize (https://www.dropbox.com/1/oauth2/authorize). At the same time another user clicks to auth; now the CSRF is changed and that user is redirected to the Dropbox page to authorize. So when the first user comes back via the redirect URI, the CSRF MISMATCH problem occurs.

Is there a way to customize my app?

Greg-DB
Dropbox Staff

Thamaraiselvam, different users shouldn't be affecting each other's sessions. It sounds like the session system for your app isn't set up correctly. That's a more general problem, and so a bit outside the scope of API support though, so I'm afraid I can't offer support for that. You should refer to the documentation for your web app platform for help configuring sessions properly.

Thamaraiselvam
New member | Level 1

Gregory,

It's okay, I just modified some code in the SDK; now it is working fine.
