Jump to content

Logging in: "The CSRF protection key did not match."


Bernie Hogya
 Share

Go to solution Solved by All Things In,

Recommended Posts

  • 4 weeks later...

My users have been reporting this same error for sometime now while logging in. Once they get the error they can click on any link in the menu and they are logged in.  This morning while working on my site; I was finally able to capture the error myself.  I went through and disabled applications/addons one at a time and tested.  Nothing fixed the error.  I also re-did Privacy Policy information and nothing changed either.

error.thumb.png.7cecfb06d47bb48d8b96e8c56fd514df.png

Link to comment
Share on other sites

20 minutes ago, Circo said:

My users have been reporting this same error for sometime now while logging in. Once they get the error they can click on any link in the menu and they are logged in.  This morning while working on my site; I was finally able to capture the error myself.  I went through and disabled applications/addons one at a time and tested.  Nothing fixed the error.  I also re-did Privacy Policy information and nothing changed either.

error.thumb.png.7cecfb06d47bb48d8b96e8c56fd514df.png

Did you switch to an unmodified theme (if applicable) too to test? Are you noticing this on specific users or all users? If specific, could you please let me know their display name(s)?

Link to comment
Share on other sites

3 minutes ago, Jim M said:

Did you switch to an unmodified theme (if applicable) too to test? Are you noticing this on specific users or all users? If specific, could you please let me know their display name(s)?

Well, sortta... The theme I'm using is the default IPS theme that I've modified a little for a larger header.  As far as I can tell; this seems to happen for all users as well as myself. It only happens if the user is logging in from the main URL (I guess it's an articles page), but does not happen if using the /forums url.

Link to comment
Share on other sites

41 minutes ago, Circo said:

Well, sortta... The theme I'm using is the default IPS theme that I've modified a little for a larger header.  As far as I can tell; this seems to happen for all users as well as myself. It only happens if the user is logging in from the main URL (I guess it's an articles page), but does not happen if using the /forums url.

I would suggest trying this first with an unmodified theme as even the smallest changes to a template can cause the upgrader to not upgrade that template and it could be missing code changes from version to version. Each upgrade a theme needs to be double checked for compatibility issues, I'm afraid.

I would recommend also checking and removing any custom .htaccess entries you have any leaving just the ones that come with our software in case something is causing an issue there.

Link to comment
Share on other sites

  • 4 weeks later...
On 11/17/2021 at 1:26 PM, Jim M said:

I would suggest trying this first with an unmodified theme as even the smallest changes to a template can cause the upgrader to not upgrade that template and it could be missing code changes from version to version. Each upgrade a theme needs to be double checked for compatibility issues, I'm afraid.

I would recommend also checking and removing any custom .htaccess entries you have any leaving just the ones that come with our software in case something is causing an issue there.

Jim,

I've done everything suggested and still getting this error. I've used unmodified theme, disabled all 3rd party apps, etc. If i go to my site  mysite.com/forums I am able to log in and navigate the site just fine.  If I go to mysite.com it shows me as logged out. If I click to login from mysite.com it gives the CSRF error. I am not using any custom .htaccess files other than the one that come with IPS. 

It appears that I am not able to change the default app either. My default app is currently pages with articles page. I was thinking that going to mysite.com should use the default app. I tried changing the default app to forums, but it still shows the old pages/articles page.  I deleted the page so now anyone going to to my main url are getting "The page you requested does not exist".

I don't know if these are different problems or if they are part of the same. I'm not sure what else to check or do.

Link to comment
Share on other sites

On 12/14/2021 at 10:11 AM, Marc Stridgen said:

Could I ask, are you able to repicate this yourself on the front end? I cannot login as unfortunately the access details on file are incorrect

Login details have been updated. 

Yes, I am able to duplicate the front end issue on a regular basis.  Login to the main domain using /forums.  Then go back to the main URL, you'll see that you are not signed in (you really are though if you go to /forums), click sign-in.  You should get the CSRF response.

Link to comment
Share on other sites

4 minutes ago, Marc Stridgen said:

Could you please check on your server to ensure that no caching is enabled on there. If it is, please disable while testing this.

I have caching on via Cloudflare.  I've changed it to development mode for now as well as took the forums offline, but your login should still login.

Link to comment
Share on other sites

18 hours ago, Jim M said:

Is there a specific URL which you have bookmarked or are using when this happens? Unfortunately, when logging in with the credentials provide on both the front-end and ACP, I am not encountering this error.

No, it's not with a bookmark.

I'm able to duplicate this each and every time.  Even tested from a friends computer that I've never used before.  I go to vpuniverse.com, log-in, it takes to /forums. Go back to vpuniverse.com, not using back button but going to main domain directly. It shows user not logged in. Log-in, get CSRF response. It doesn't matter if it's my account or my test user account that's setup for you.

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...