Issue with multiple tabs in the browser generating different form_key (CSRF Token) #662
Comments
Every instance of the form should have a unique form key, which is stored in the session. That is the right behavior. How does it affect the functionality? If the form submission fails, make sure the PHP session is working fine. What is the version of Restler you are using?
Let me explain the scenario. We have a UI; the user logs in to it in one tab and also logs in to the same UI in another tab. Now both tabs will have a separate form key. The submission of the form on the initial tab results in a 403 error because that key is not present in the session, while the newest tab works fine. So it is fine to have a unique form key for every session, but that should also pass the equality comparison. Here the old keys are being lost. I hope you understand the issue now. Do let me know in case anything else is required for this issue. The version of Restler we are using is 3.0.0.RC5.
OK, this gives some clarity. Does each tab have the same form or different forms? Also, newer updates for RC5 will be available with Restler 4 now; we suggest you upgrade.
At the current level, the scope of the application is really broad, and it has been live in the production environment for many years. We have to look at the breaking changes. Are there any major breaking changes in upgrading from Restler 3 to Restler 4 that you can point out? Also, to answer your question, this happens with both the same form and different forms in multiple tabs.
Your pull request is against the master branch which is currently
Can you please also merge that PR for the v4 branch as well? We are using RC5 only, and upgrading to anything else at this point in time is not an easy option. Thanks for your support.
Before the changes made around this commit - 4223e38
everything was working fine and only a single CSRF token was generated when opening multiple tabs.
Now, after the change to the new version, every time we open a new tab a new form key or CSRF token is generated, which does not allow end users to work in multiple tabs.
This is not working:
This was working fine:
Can you please help us with this, as the app is live in production and the only way might be to hardcode this in the vendor folder.
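The failure reported in this thread, modelled as an added example (not code from Restler or from the issue): a single session slot loses the first tab's key as soon as a second tab renders a form, while a bounded list of one-time keys lets both tabs submit and still rejects a replayed key. The function names, the `MAX_KEYS` cap and the `$session` array standing in for `$_SESSION` are assumptions made for this illustration.

```php
<?php
// Added illustration: function names are hypothetical, not Restler's API.
// $session stands in for $_SESSION so the script runs offline from the CLI.

const MAX_KEYS = 20; // assumed cap on outstanding keys per session

// Single-slot model of the reported behaviour: each render overwrites the key.
function issueSingle(array &$session): string
{
    return $session['form_key'] = bin2hex(random_bytes(16));
}

function checkSingle(array $session, string $submitted): bool
{
    return isset($session['form_key'])
        && hash_equals($session['form_key'], $submitted); // constant-time compare
}

// Alternative: keep a bounded list of outstanding keys, one per rendered form.
function issueMulti(array &$session): string
{
    $key = bin2hex(random_bytes(16));
    $session['form_keys'][] = $key;
    // Drop the oldest keys once the cap is exceeded so the session stays small.
    $session['form_keys'] = array_slice($session['form_keys'], -MAX_KEYS);
    return $key;
}

function checkMulti(array &$session, string $submitted): bool
{
    foreach ($session['form_keys'] ?? [] as $i => $key) {
        if (hash_equals($key, $submitted)) {
            unset($session['form_keys'][$i]); // one-time use
            return true;
        }
    }
    return false;
}

// Constructed scenario: tab A renders a form, tab B renders one, both submit.
$s1 = [];
$tabA = issueSingle($s1);
$tabB = issueSingle($s1);
var_dump(checkSingle($s1, $tabA), checkSingle($s1, $tabB));

$s2 = [];
$tabA = issueMulti($s2);
$tabB = issueMulti($s2);
// Third call replays tab A's already consumed key.
var_dump(checkMulti($s2, $tabA), checkMulti($s2, $tabB), checkMulti($s2, $tabA));
```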