I have the exact same problem. Is there an easy fix?

I have split this into its own topic for you. Could you please disable all 3rd party items in the first instance, and let us know if you are having the same issue when all 3rd party items are disabled?

Same issue here. I updated my privacy policy and required users to agree with the updated terms and we get this error.

 

Same issue here. I updated my privacy policy and required users to agree with the updated terms and we get this error.

Could you please confirm are your users getting this logging in, or are you getting it when you update the terms?

Did you manage to resolve this, @Vegan Gaymer ?

My users have been reporting this same error for sometime now while logging in. Once they get the error they can click on any link in the menu and they are logged in.  This morning while working on my site; I was finally able to capture the error myself.  I went through and disabled applications/addons one at a time and tested.  Nothing fixed the error.  I also re-did Privacy Policy information and nothing changed either.

 

My users have been reporting this same error for sometime now while logging in. Once they get the error they can click on any link in the menu and they are logged in.  This morning while working on my site; I was finally able to capture the error myself.  I went through and disabled applications/addons one at a time and tested.  Nothing fixed the error.  I also re-did Privacy Policy information and nothing changed either.

Did you switch to an unmodified theme (if applicable) too to test? Are you noticing this on specific users or all users? If specific, could you please let me know their display name(s)?

 

Did you switch to an unmodified theme (if applicable) too to test? Are you noticing this on specific users or all users? If specific, could you please let me know their display name(s)?

Well, sortta... The theme I'm using is the default IPS theme that I've modified a little for a larger header.  As far as I can tell; this seems to happen for all users as well as myself. It only happens if the user is logging in from the main URL (I guess it's an articles page), but does not happen if using the /forums url.

 

Well, sortta... The theme I'm using is the default IPS theme that I've modified a little for a larger header.  As far as I can tell; this seems to happen for all users as well as myself. It only happens if the user is logging in from the main URL (I guess it's an articles page), but does not happen if using the /forums url.

I would suggest trying this first with an unmodified theme as even the smallest changes to a template can cause the upgrader to not upgrade that template and it could be missing code changes from version to version. Each upgrade a theme needs to be double checked for compatibility issues, I'm afraid.

I would recommend also checking and removing any custom .htaccess entries you have any leaving just the ones that come with our software in case something is causing an issue there.

 

I would suggest trying this first with an unmodified theme as even the smallest changes to a template can cause the upgrader to not upgrade that template and it could be missing code changes from version to version. Each upgrade a theme needs to be double checked for compatibility issues, I'm afraid.

I would recommend also checking and removing any custom .htaccess entries you have any leaving just the ones that come with our software in case something is causing an issue there.

Jim,

I've done everything suggested and still getting this error. I've used unmodified theme, disabled all 3rd party apps, etc. If i go to my site  mysite.com/forums I am able to log in and navigate the site just fine.  If I go to mysite.com it shows me as logged out. If I click to login from mysite.com it gives the CSRF error. I am not using any custom .htaccess files other than the one that come with IPS. 

It appears that I am not able to change the default app either. My default app is currently pages with articles page. I was thinking that going to mysite.com should use the default app. I tried changing the default app to forums, but it still shows the old pages/articles page.  I deleted the page so now anyone going to to my main url are getting "The page you requested does not exist".

I don't know if these are different problems or if they are part of the same. I'm not sure what else to check or do.

Please could you let us know which site this is on?

 

Please could you let us know which site this is on?

vpuniverse

This also seems to happen sometimes when accessing admin.  I can't seem to duplicate the admin one as easily as I am the main site one.

Could I ask, are you able to repicate this yourself on the front end? I cannot login as unfortunately the access details on file are incorrect

 

Could I ask, are you able to repicate this yourself on the front end? I cannot login as unfortunately the access details on file are incorrect

Login details have been updated. 

Yes, I am able to duplicate the front end issue on a regular basis.  Login to the main domain using /forums.  Then go back to the main URL, you'll see that you are not signed in (you really are though if you go to /forums), click sign-in.  You should get the CSRF response.

Could you please check on your server to ensure that no caching is enabled on there. If it is, please disable while testing this.

 

Could you please check on your server to ensure that no caching is enabled on there. If it is, please disable while testing this.

I have caching on via Cloudflare.  I've changed it to development mode for now as well as took the forums offline, but your login should still login.

Is there a specific URL which you have bookmarked or are using when this happens? Unfortunately, when logging in with the credentials provide on both the front-end and ACP, I am not encountering this error.

From time to time I have the same issue when pressing „mark site read“.

It appears only since update to 4.6.9.

I can‘t reproduce it exactly but never had it in the past before the update.

We need exact URLs when these issues are occurring if possible, then we can advise accordingly.

Marc, you have our URL in your backend. It happens in the unread content stream but only from time to time. 

Edited December 17, 20213 yr by Apfelstrudel

 

Is there a specific URL which you have bookmarked or are using when this happens? Unfortunately, when logging in with the credentials provide on both the front-end and ACP, I am not encountering this error.

No, it's not with a bookmark.

I'm able to duplicate this each and every time.  Even tested from a friends computer that I've never used before.  I go to vpuniverse.com, log-in, it takes to /forums. Go back to vpuniverse.com, not using back button but going to main domain directly. It shows user not logged in. Log-in, get CSRF response. It doesn't matter if it's my account or my test user account that's setup for you.

BTW I get the same CSRF error when using the original unmodified theme. 😉

My normal use case is: Opening unread content stream and pressing „mark site read“. 😉 -> CSRF error (sometimes)

Edited December 17, 20213 yr by Apfelstrudel

The most common reason for a CSRF failure would be a change of session ID. Have you noticed any issues with sessions recently?

No, I didn‘t have. Only since 4.6.9 and also with the original theme. 

 

The most common reason for a CSRF failure would be a change of session ID. Have you noticed any issues with sessions recently?

 I have not, but not quite sure what to look for exactly.