Loading...

XML

Word

Printable

Type: Bug Report
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.10.0, 7.7.10, 7.9.6, 7.8.12, 7.10.0-alpha6
Affects Version/s: 7.10.0-alpha3, 7.10.0-alpha4
Component/s: admin, cockpit, tasklist
Labels:
- SUPPORT

Reproduce:

Login to Cockpit
Invalidate the CSRF token (by going to the dev tools, and change the value of the XSRF-TOKEN cookie)
Perform any operation that uses a POST request, e.g. goto any process definition page
Observe the denied by server error message and refresh the page

Expected:

After page refresh, the csrf token is refreshed

Observed:

Since the token is stored as cookie, the issue persists even after the page refresh

Workaround:

Let the session expire and login again. On login, a new CSRF token is granted (it is not possible to logout without the correct CSRF token, so actually waiting for a session timeout or clearing the session cookie manually is the only way)

This is the controller panel for Smart Panels app

is related to

CAM-9493 Session expires with delay after CSRF Token manipulation

Closed

CAM-9494 Cannot log in after CSRF token error session expiration

Closed

CAM-9495 Endless diagram loading after CSRF token error session expiration

Closed

Assignee:: Michael Schoettes

Reporter:: Sebastian Stamm

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 01/Aug/18 4:03 PM

Updated:: 19/Nov/18 11:54 AM

Resolved:: 16/Oct/18 2:59 PM