Invalid CSRF token, unable to log in #138

Closed
LB-- opened this issue Jun 7, 2016 · 5 comments

LB-- commented Jun 7, 2016

On my Windows 10 computer I use Google Chrome Version 50.0.2661.102 m (64-bit) without issues. I also just updated it to Version 51.0.2704.84 m (64-bit) and the forums still work. Can log out and back in again with no issues.

On my Chromebook running Version 50.0.2661.1.103 (64-bit) I am unable to log in to the forum at all. I'm using the same extensions and settings on both machines, to the best of my knowledge. (Though I remember a while back I had to disable experimental JavaScript on the Chromebook, but not the Win10, in order for the forum JavaScript to work.)

When I navigate to the login page, a toaster in the bottom right informs me of an "invalid-session". When I try to log in with username and password, I get redirected to the login URL with ?error=csrf-invalid at the end, and a message saying "We were unable to log you in, likely due to an expired session. Please try again". In the JavaScript console I only see errors from the emoji plugin and the shortcuts plugin complaining about the invalid session.

When I log in via GitHub, I get taken back to the main forums still logged out, no error message in sight. Still only plugin error messages complaining about the invalid session.

Author

LB-- commented Jun 7, 2016

LB-- changed the title from "Invalid session on Chromebook, impossible to log in" to "Invalid CSRF token, unable to log in" on Jun 7, 2016
Collaborator

BenLubar commented Jun 7, 2016

You have cookies disabled in your browser.

Author

LB-- commented Jun 7, 2016

> You have cookies disabled in your browser.

Not to my knowledge. I can log in and stay logged in to other sites, and in the settings cookies are explicitly enabled with no exceptions.

Collaborator

BenLubar commented Jun 7, 2016

Ok, for anyone coming here in the future, you need to add an X-Forwarded-Proto header to nginx's reverse proxy.

NodeBB/NodeBB@08cdfd2
https://github.com/expressjs/session/issues/165#issuecomment-108749788

BenLubar closed this as completed on Jun 7, 2016
BenLubar added a commit to boomzillawtf/tdwtf that referenced this issue Jun 7, 2016
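
Why a missing `X-Forwarded-Proto` header can surface as `csrf-invalid`, shown as an added example that is not code from this thread, NodeBB or express-session. It is a simplified model that assumes the session cookie is marked Secure and the app derives the request scheme from the proxy header; `isSecure`, `handle`, `loginFlow` and the host `forum.example` are names made up for illustration.

```javascript
// Simplified model of a Node app behind a TLS-terminating nginx proxy.
// Assumption: the session cookie is Secure and the app trusts the proxy header.

// True when the app believes the client connection was HTTPS.
function isSecure(req) {
  if (req.encrypted) return true; // direct TLS socket, no proxy involved
  const header = req.headers['x-forwarded-proto'] || '';
  return header.split(',')[0].trim().toLowerCase() === 'https';
}

const sessions = new Map(); // session id -> { csrf }
let counter = 0;

// Handle one request and report what the server would answer.
function handle(req) {
  let sid = req.cookie;
  let issued = null;
  if (!sessions.has(sid)) {
    // No known session: create one with a fresh CSRF token.
    sid = 'sid-' + (++counter);
    sessions.set(sid, { csrf: 'csrf-' + counter });
    // A Secure cookie is only sent when the request looks like HTTPS.
    if (isSecure(req)) issued = sid;
  }
  const session = sessions.get(sid);
  if (req.method === 'POST') {
    const ok = req.csrf === session.csrf;
    return { status: ok ? 'logged-in' : 'csrf-invalid', setCookie: issued };
  }
  return { status: 'login-form', csrf: session.csrf, setCookie: issued };
}

// Browser side: GET the login form, then POST it with whatever cookie came back.
function loginFlow(proxyHeaders) {
  const form = handle({ method: 'GET', headers: proxyHeaders, cookie: undefined });
  const post = handle({
    method: 'POST',
    headers: proxyHeaders,
    cookie: form.setCookie || undefined,
    csrf: form.csrf,
  });
  return post.status;
}

// Constructed inputs: the headers nginx forwards to the backend over plain HTTP.
console.log(loginFlow({ host: 'forum.example' }));
console.log(loginFlow({ host: 'forum.example', 'x-forwarded-proto': 'https' }));
```

In nginx the header is typically set with `proxy_set_header X-Forwarded-Proto $scheme;` in the `location` block that proxies to the app.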
Author

LB-- commented Jun 7, 2016

> Ok, I added X-Forwarded-Proto as per expressjs/session#165. I can log in now when I test. Can you?

Yes, and after I logged in I got redirected to an invalid URL:
https://what.thedailywtf.com/login,https://what.thedailywtf.com/login?loggedin

Can't reproduce. Probably a fluke.

EDIT: Reproduced and moved to NodeBB/NodeBB#4727
