-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid CSRF token, unable to log in #138
Comments
You have cookies disabled in your browser. |
Not to my knowledge. I can log in and stay logged in to other sites, and in the settings cookies are explicitly enabled with no exceptions. |
Ok, for anyone coming here in the future, you need to add an X-Forwarded-Proto header to nginx's reverse proxy. NodeBB/NodeBB@08cdfd2 |
Yes, and after I logged in I got redirected to an invalid URL: Can't reproduce. Probably a fluke. EDIT: Reproduced and moved to NodeBB/NodeBB#4727 |
On my Windows 10 computer I use Google Chrome Version 50.0.2661.102 m (64-bit) without issues. I also just updated it to Version 51.0.2704.84 m (64-bit) and the forums still work. Can log out and back in again with no issues.
On my Chromebook running Version 50.0.2661.1.103 (64-bit) I am unable to login to the forum at all. I'm using the same extensions and settings on both machines, to the best of my knowledge. (Though I remember a while back I had to disable experimental javascript on the Chromebook, but not the Win10, in order for the forum JavaScript to work).
When I navigate to the login page, a toaster in the bottom right informs me of an "invalid-session". When I try to login with username and password, I get redirected to the login url with
?error=csrf-invalid
at the end, and a message saying "We were unable to log you in, likely due to an expired session. Please try again". In the JavaScript console I only see errors from the emoji plugin and the shortcuts plugin complaining about the invalid session.When I log in via GitHub, I get taken back to the main forums still logged out, no error message in sight. Still only plugin error messages complaining about the invalid session.
The text was updated successfully, but these errors were encountered: