
How do I set up Dropbox API for use on a multiple server environment/ load balancing?

New member | Level 1

I am using the Dropbox PHP SDK WebAuth functions to allow my customers to authorize Dropbox to allow my site to list their items in Dropbox. The site just moved servers to Amazon ELB (Elastic Load Balancing). Now that I have multiple servers I am having issues getting Dropbox to work. I will get the CSRF mismatch error (request leaves from one server and returns on another).

I have moved the sessions to cookies (that's where I store the access token after the request) but I am having issues getting the authorize request working. Is there a way to make this work or do I need to build my Dropbox integration differently? I will post code if need be, but it pretty much follows the WebAuth example.

https://github.com/dropbox/dropbox-sdk-php/blob/master/lib/Dropbox/WebAuth.php

Thank you in advance,

Robin

9 Replies

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

Dropboxer

The following would be helpful so we can offer some insight:

- the steps to reproduce the issue

- the full text of the error/any output

- the relevant code snippet(s), including any changes you made to "move the session's to cookies"

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

New member | Level 1

Gregory, my code works on a single server (it's alive in production now).

Where the code sets/reads the session data, I just replaced it with cookies, which will have no bearing on handling the authorization request. The exact error is the generic "/dropbox-auth-finish: CSRF mismatch: expect ##########, got ########". This is because the request is leaving one server and returning on another. My logs show the request leave and return on different servers. I see no documentation on handling this workflow.

Have you built Dropbox to work with multi-servers before?

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

Dropboxer

I'm still not clear what change you made exactly regarding the cookies and sessions, but that certainly would be relevant here, as the error is indicating that the CSRF token didn't match what was expected, and the SDK stores the expected CSRF token in the session. You can see that here in the SDK where the exception is thrown:

https://github.com/dropbox/dropbox-sdk-php/blob/9db8328c6c035baa0fee48291bd8bd93bcc714b0/lib/Dropbox...

We don't have any specific documentation on how to handle this in an environment like yours, and in any case I suspect it would be specific to the environment, so I recommend looking at how the code works, and updating your code and/or the SDK as necessary.
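
The mismatch discussed in this thread comes from the expected token living in one server's session. As an added example (not part of the original thread and not code from the Dropbox SDK), here is one way to make the OAuth `state` check verifiable on any node behind the load balancer: sign the token with a key all servers share and keep the browser's copy in a cookie. The cookie name, the `OAUTH_STATE_KEY` variable and all function names are assumptions.

```php
<?php // Added example, not SDK code. Assumed names: OAUTH_STATE_KEY, dbx_oauth_state.
const STATE_COOKIE = 'dbx_oauth_state';
const STATE_TTL = 600; // seconds allowed for the authorization round trip

function stateKey(): string
{
    $key = getenv('OAUTH_STATE_KEY'); // same secret configured on every node
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('OAUTH_STATE_KEY missing or too short');
    }
    return $key;
}

function issueState(int $now): string
{
    $payload = bin2hex(random_bytes(16)) . '.' . ($now + STATE_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, stateKey());
}

function verifyState($fromQuery, $fromCookie, int $now): bool
{
    // Reject arrays (?state[]=x) and require the browser that started the flow.
    if (!is_string($fromQuery) || !is_string($fromCookie)
        || !hash_equals($fromCookie, $fromQuery)) {
        return false;
    }
    $parts = explode('.', $fromQuery);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return false;
    }
    $expected = hash_hmac('sha256', $parts[0] . '.' . $parts[1], stateKey());
    return hash_equals($expected, $parts[2]) && (int) $parts[1] >= $now;
}

// Any node: store the token in the browser and send it as the state parameter.
function startAuth(): string
{
    $state = issueState(time());
    setcookie(STATE_COOKIE, $state, ['expires' => time() + STATE_TTL,
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    return $state;
}

// Redirect handler, possibly on another node: no session lookup is needed.
function finishAuth(): bool
{
    $ok = verifyState($_GET['state'] ?? '', $_COOKIE[STATE_COOKIE] ?? '', time());
    setcookie(STATE_COOKIE, '', ['expires' => 1, 'path' => '/']); // clear after use
    return $ok;
}
```

Because each browser carries its own token, concurrent authorizations by different users do not overwrite one another, and the HMAC lets any node confirm the token was issued by the site and has not expired.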

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

New member | Level 1

I only changed the auth_finish part that retrieves the access token. I didn't change any function within the sdk. So if I change the sdk functions to use cookies instead of sessions it might fix this problem. I appreciate the insight.

If I can get the php sdk to work in a load balancing environment, can I hand it off to Dropbox and have them maintain the code officially? As more and more people are moving to services with multiple servers, I think it would be helpful.

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

Dropboxer

If you have a patch for the SDK that you think will be useful to others, please feel free to submit a pull request on the dropbox-sdk-php project.

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

New member | Level 1

If I can get to building this I would add a setting that allows the user to either use sessions or cookies.

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

New member | Level 1

I got a similar issue.

I have hosted my Dropbox project on a server. When multiple people try to authorize using Dropbox auth at the same time, it creates a CSRF mismatch problem.

Example:

A user comes to the site and clicks on auth; the CSRF token is set in the session and the user is redirected to the Dropbox page to authorize (https://www.dropbox.com/1/oauth2/authorize). At the same time another user clicks to auth; now the CSRF token has changed and that user is redirected to the Dropbox page to authorize. So when the first user comes back via the redirect URI, the CSRF MISMATCH problem occurs.

Is there a way to customize my app?

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

Dropboxer

Thamaraiselvam, different users shouldn't be affecting each other's sessions. It sounds like the session system for your app isn't set up correctly. That's a more general problem, and so a bit outside the scope of API support though, so I'm afraid I can't offer support for that. You should refer to the documentation for your web app platform for help configuring sessions properly.

Re: How do I set up Dropbox API for use on a multiple server environment/ load balancing?

New member | Level 1

Gregory,

It's okay, I just modified some code in the SDK; now it is working fine.
