
CSRF token not getting refreshed when CP session type is "session only" #4129

Closed
@intoeetive


When the CP session type is set to "session only", the session identifier is appended to the URL like this: &S=a5644d41749e3c4e69befff96a662376

When the idle popup is shown and the password is entered, this code gets executed:

$.getJSON(EE.BASE + '/login/refresh_csrf_token', function(result) {

which results in an invalid URL, so the token is never updated, causing a logout on form submission.
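The failure described in the report above, as an added example that is not code from the reporter or from the project. It assumes the base URL has the shape `admin.php?/cp` with `&S=...` appended in session-only mode; the base strings and the helpers `naiveUrl`, `cpUrl`, `sessionParam` and `hasIntactSession` are hypothetical.

```javascript
// Constructed sample values; the exact shape of EE.BASE is an assumption.
const BASE_COOKIE = 'admin.php?/cp';
const BASE_SESSION_ONLY = 'admin.php?/cp&S=a5644d41749e3c4e69befff96a662376';
const REFRESH_PATH = '/login/refresh_csrf_token';

// The pattern from the report: append the path to whatever the base holds.
function naiveUrl(base, path) {
  return base + path;
}

// Hypothetical helper: insert the path before any trailing "&key=value"
// parameters, so the S parameter keeps its original value.
function cpUrl(base, path) {
  const amp = base.indexOf('&');
  if (amp === -1) return base + path;
  return base.slice(0, amp) + path + base.slice(amp);
}

// Extract the S parameter value as a query-string parser would read it.
function sessionParam(url) {
  const m = /[&?]S=([^&]*)/.exec(url);
  return m ? m[1] : null;
}

// True only when S is a bare 32-hex-character session id.
function hasIntactSession(url) {
  const s = sessionParam(url);
  return s !== null && /^[0-9a-f]{32}$/.test(s);
}

// Session-only mode: the path is glued onto the session id value, so the
// request carries neither a valid route nor a valid session id.
const broken = naiveUrl(BASE_SESSION_ONLY, REFRESH_PATH);
console.log(broken, hasIntactSession(broken));

// Path inserted before the session parameter: route and session id survive.
const fixed = cpUrl(BASE_SESSION_ONLY, REFRESH_PATH);
console.log(fixed, hasIntactSession(fixed));
```

A regression check for this bug can call `hasIntactSession` on every URL the idle-timeout code builds, in both cookie and session-only modes.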

Labels

Bug: Accepted (Bug has been confirmed, is reproducible, and ready to work on.)
