417 errors after re-login to backoffice

[creativesuspects]

Which exact Umbraco version are you using? For example: 9.0.1 - don't just write v9

9.3.1

Bug summary

After being logged out of the backoffice due to the timeout I immediately log back in. The section buttons in the top bar are gone, only the logo is visible.

Specifics

I'm using Chrome (latest version).
There are a bunch of 417 errors in the console:

I have to refresh the browser window to get everything working again.

I did some searching and people were having similar issues in version 7.x:

https://our.umbraco.com/forum/umbraco-7/using-umbraco-7/60627-417-Missing-token-in-the-backoffice

Steps to reproduce

It's kind of difficult to reproduce, because the issue doesn't occur every time. However, my client has experienced the same issue, so it affects both my local development environment (Windows 11) and the staging server (Windows 2019). I'm not sure if it's an Umbraco issue per se, but maybe someone could point me in the right direction? The thread on Our regarding a similar issue on v7 didn't really help me.

Expected result / actual result

No response

[nul800sebastiaan]

Someone else just found that the issue for them had to do with CivicUK cookie management, might be some other cookie tool you've installed that needs extra configuration: #4138 (comment)

As far as we know and experience, this is not a problem with Umbraco in general so I'm going to close this issue for now. If there's anything in Umbraco causing it or some way Umbraco could help prevent somehow let us know and we can re-open for another look.

[creativesuspects]

@nul800sebastiaan I had already seen that particular comment. I'm not using any 3rd-party cookie management tools on the front end. I am using a bespoke cookie consent popup, but it doesn't actively block or remove any cookies, it just sets a number of cookies depending on the user's consent. There's no way this could interfere with the Umbraco backoffice.

I agree that it's probably not a problem with Umbraco, but I would still like to find the culprit. Can you tell me which cookie would possibly be responsible for the 417 status code?

[nul800sebastiaan]

From that comment: ['ASP.NET_SessionId', 'XSRF-TOKEN', 'XSRF-V', '__RequestVerificationToken', '__zlcmid', 'UMB*']

I would expect it to be one of the UMB ones. Would be good to investigate in the browser's debug tools which cookies you do have when this error occurs, then you might be able to spot a missing one (but of course it could also be that there's a cookie with invalid data, that would be hard to spot).

Browser plugins and firewalls have also caused these problems or even firewalls on your webhosting solution.

[creativesuspects]

Thanks for the extra info. I am using F-Secure Browsing Protection, maybe that's causing problem. The weird thing is that the client also experienced the issue on the staging environment. So different client computers (Windows vs. macOS) and different hosting environments (Windows 11 vs. Windows Server 2019), but the same issue. That's too much of a coincidence IMO, so I would expect it's code-related somehow. I will check the cookies and headers when I encounter the issue again and hopefully I'll be able to find the culprit. If I find that the issue is in fact Umbraco related I will ask to reopen this issue.