Are you using the session middleware?

What routing library are you using?

> Are you using the session middleware? I dont think so, do I need that middleware? > What routing library are you using? I use reitit.

reitit has some gotchas with session middleware you may need to be aware of

I am not sure, but the code looks like it expects to use sessions

So this library is not really usable with reitit?

The state check checks that the state in the url matches what is stored in the session

I think it should be

So what should I do now to fix the issue?

It may not even hit the gotchas that wrap-session has with reitit, those are if you try to share a session between routes, and there are several work around s, so not a huge problem just easy to get stuck on if you are not aware

I would try adding wrap-session

In which namespace is wrap-session ?

Dunno offhand it is part of the standardish ring middleware

https://github.com/metosin/reitit/issues/205#issue-399958744 talks about the issues with wrap-session and reitit and describes several solutions to making them work together

ring.middleware.session I guess

If you use a non-memory session store, wrap-session should work fine with Reitit. Ring-Defaults will automatically add an encrypted cookie session store, for example.

wrap-session fixed the issue, thanks a lot!