Skip to content

CSRF error on login #17

Closed
ianb opened this Issue Mar 20, 2013 · 4 comments

4 participants

@ianb
Mozilla member
ianb commented Mar 20, 2013

I ended up at this page: https://badges.mozilla.org/en-US/browserid/browserid/verify/ – with a 403 message "CSRF verification failed. Request aborted."

My actions before: go to a badge claim page, logout, get redirected to home page, log back in (different email). In the end I seemed to have been logged in.

Successful attempt to reproduce: on home page log in, log out, log in again.

@lmorchard
Mozilla member

Hmm, I think logout is clearing the CSRF token from the session and breaking the hidden login form :/

@cshields

I ran into the same thing today.. having something to do with using one persona email elsewhere and trying to log in to badges with a different one.

@gene1wood
Mozilla member
@lmorchard lmorchard added this to the Feb 2015 dev stroll milestone Jan 24, 2015
@lmorchard
Mozilla member

Will try to keep an eye out for this issue, but I can't reproduce it. At least, not with various combinations of signing in places with persona. I have seen CSRF errors when memcache fails, though. But, that should hopefully be a transient infra issue

@lmorchard lmorchard closed this Feb 27, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.