Invalid form authenticity token.
Category: Accounts / authentication
Try clicking the "Login" button more than once. The message "Invalid form authenticity token" will appear.
#6 Updated by Felix Schäfer almost 3 years ago
Petr Pospisil wrote:
Why not? What was changed? Show the login dialog, fill in credentials, double-click the login button. It is the simplest way to simulate the behaviour. Another problem is if you have an ISP with large latency (response time), e.g. slow wifi.
I cannot reproduce this. As long as you can't give a clear way to reproduce (i.e. download a fresh redmine, load the default data, don't install any plugin, reproduce), we won't be able to help you.
#10 Updated by Petr Pospisil almost 3 years ago
Sorry, it is not just my problem or a browser problem. Can you see the screenshots from other people or browsers? :o). I guess not.
Login page -> fill in credentials -> click the submit button more than once (e.g. twice, 5 times...). On the first request, the system did log in. But the second request is faster than the response to the first request, I think. And the error message occurs. It is a server-side problem. I know that clicking the submit button this way is not a usual case, but it simulates situations on a slower wire. It is annoying to submit an issue update this way: type some description of the update, ctrl+c, click submit, error occurred, close the browser, log in again, find the issue, ctrl+v, submit. This behaviour is sometimes seen on slower internet.
I guess the server expects a different token, because the user is logged in by the first request.
#11 Updated by Felix Schäfer almost 3 years ago
Well, if it's a network problem, it's not something that can or should be solved on the server… Anyway, try as I may, I can't reproduce it, neither here nor on 2 other redmine installations. Maybe you could try to search for the invalid authenticity token and slow connection on google with rails, because it's a mechanism of rails, not of redmine itself.
#13 Updated by Ewan Makepeace over 2 years ago
This is a huge problem for me and is very simple to reproduce:
- Log out from Redmine.
- Go to your email
- Click on the links on three different issues in your email so that three tabs open in your favourite browser.
- Presumably each is prepopulated with your login details in the browser.
- On the first tab you can click login and be redirected to the issue.
- On the other tabs when you hit login you get the dreaded "Invalid form authenticity token.". Now you have to log in again and after you do so your redirect is lost so you close the tab and go and look for the email again.
I hate this message so much I am considering moving off Redmine (Pivot Tracker looks rather attractive?). Seriously this is a monster issue that is driving me insane.
#16 Updated by Felix Schäfer over 2 years ago
Bruno Medeiros wrote:
Felix, Could you try the Ewan Makepeace case?
This bug is really annoying…
I don't need to try it, what happens to Ewan is because of a security feature of rails, and only related to the OP by the mechanism that causes it. The OP has a problem when submitting a single form more than once (multiple clicks on one and only submit button), whereas Ewan has a problem because he tries to send the "same form" multiple times from different browser tabs/windows. I'm not sure if there is a secure way to work around Ewan's problem, but please don't hijack this issue for it and open a new one instead, thanks.
Oh, and Ewan: as happy as I am about people using redmine, no one here will hold you back from using what you think is best for you.
#17 Updated by David Escala over 2 years ago
The easiest way to reproduce is:
- login to http://www.redmine.org/login
- go back with browser button
- submit the login form again
To avoid the error page and redirect the user to a sensible location I have patched
app/controllers/application_controller.rb in 1.0-stable:
end - render_error "Invalid form authenticity token." + redirect_back_or_default(home_path) end
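
Review bot: swapping render_error for redirect_back_or_default(home_path) removes the only feedback the user gets when a submission is rejected, and nothing visible in the hunk limits the change to the login form. A rejected issue update would then land on another page with the typed text gone and no explanation. Consider setting a flash error before the redirect, or keeping render_error for every action except login.
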
The second submit is not (and should not be) processed.
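
A simplified model of the mechanism discussed in this thread, added here as an illustration and not taken from Rails or Redmine. It assumes one authenticity token per session and a session reset on successful login, as guessed in #10; `ToyApp` and `replay_three_tabs` are hypothetical names, and the run replays the three-tab steps from #13.

```ruby
require 'securerandom'

# Simplified model (not Rails or Redmine code): one CSRF token per session,
# and a successful login discards the old session, token included.
class ToyApp
  def initialize
    @sessions = {} # session id => { token:, user: }
  end

  # GET /login: returns the session cookie and the token embedded in the form.
  def login_form(sid = nil)
    sid = new_session unless @sessions.key?(sid)
    [sid, @sessions[sid][:token]]
  end

  # POST /login: returns [status, session id the browser holds afterwards].
  # (A real check would compare the tokens in constant time.)
  def submit_login(sid, form_token, user)
    session = @sessions[sid]
    return [:invalid_authenticity_token, sid] unless session && session[:token] == form_token

    @sessions.delete(sid) # session reset on login (assumption, see lead-in)
    new_sid = new_session
    @sessions[new_sid][:user] = user
    [:logged_in, new_sid]
  end

  private

  def new_session
    sid = SecureRandom.hex(16)
    @sessions[sid] = { token: SecureRandom.base64(32), user: nil }
    sid
  end
end

# Three tabs opened while logged out share one cookie, so one session and token.
def replay_three_tabs
  app = ToyApp.new
  sid, tab1 = app.login_form
  _, tab2 = app.login_form(sid)
  _, tab3 = app.login_form(sid)
  [tab1, tab2, tab3].map do |token|
    status, sid = app.submit_login(sid, token, 'ewan') # cookie follows the reset
    status
  end
end

p replay_three_tabs
```

The same model covers the double click from the original report: a second POST carrying the old cookie and old token arrives after the session was reset and is rejected as well.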