Redmine

Or if you have opened the detail of issue for a long time and than submit your notes.

same as #5051 ?

I don't know how to confirm your suspect.

Do you still experience issues with the authenticity token?

Why not? What were changed? Show login dialog, fill credentials, double click to login button. It is the simplest way to simulate bahaviour. Another problem is if you have ISP with large latence (response time), e.g. slow wifi.

Petr Pospisil wrote:

Why not? What were changed? Show login dialog, fill credentials, double click to login button. It is the simplest way to simulate bahaviour. Another problem is if you have ISP with large latence (response time), e.g. slow wifi.

I cannot reproduce this, as long as you can't give a clear way to reproduce (i.e. download a fresh redmine, laod the default data, don't install any plugin, reproduce), we won't be able to help you.

This post above I had to submit twice - at the first case, I saw "Invalid form authenticity token"...

As I said, I can't reproduce it, though I've been trying like hell to double-click on the login button. Is it maybe a problem with your browser? Have you tried it from another browser? From another machine?

Sorry, it is not just my problem or browser problem. Can you see screen shots from another peoples or browers? :o). I guess no.

Login page -> fill credentials -> clicking to submit button more than once (e.g. twice, 5 times...). At the first request, the system did login. But the second request is fastest than response from first request. As I mean. And the error message occurs. It is server side problem. I know that clicking to submit button is not usual case, but it is simulating situations on slower wire. It is annoying to submit issue update this way: type some description of update, ctrl+c, click to submit, error occured, close the browser, log again, find issue, ctrl+v, submit. This behaviour is sometimes to see at a slower internet.

I guess the server expects for different token, because the user is logged in by the first request.

Well, if it's a network problem, it's not something that can or should be solved on the server… Anyway, try as I may, I can't reproduce it either here, nor on 2 other redmine installations. Maybe you could try to search for the invalid authenticity token and slow connection on google with rails, because it's a mechanism of rails, not of redmine itself.

You are right, it seems to be rails problem. But the result is unworking redmine.. :(.

This is a huge problem for me and is very simple to reproduce:

1. Log out from Redmine.
2. Go to your email
3. Click on the links on three different issues in your email so that three tabs open in your favourite browser.
4. Presumably each is prepopulated with your login details in the browser.
5. On teh first tab you can click login and be redirected to the issue.
6. On the other tabs when you hit login you get the dreaded "Invalid form authenticity token.". Now you have to login again and after you do so your redirect is lost so you close the tab and go and look for the email again.

I hate this message so much I am considering moving off Redmine (Pivot Tracker looks rather attractive?). Seriously this is a monster issue that is driving me insane.

PS Version Redmine 1.0.1.devel.4167 (MySQL)

Felix, Could you try the Ewan Makepeace case?

This bug is really annoying...

Bruno Medeiros wrote:

Felix, Could you try the Ewan Makepeace case?

This bug is really annoying…

I don't need to try it, what happens to Ewan is because of a security feature of rails, and only related to the OP by the mechanism that causes it. The OP has a problem when submitting a single form more than once (multiple clicks on one and only submit button), whereas Ewan has a problem because he tries to send the "same form" multiple times from different browser tabs/windows. I'm not sure if there is a secure way to work around Ewan's problem, but please don't hijack this issue for it and open a new one instead, thanks.

Oh, and Ewan: as happy as I am about people using redmine, no one here will hold you back from using what you think is best for you.

The easiest way to reproduces is:

1. login to http://www.redmine.org/login
2. go back with browser button
3. submit again the login form

To avoid the error page and redirect the user to a sensible location I have patched app/controllers/application_controller.rb in 1.0-stable:

     end
-    render_error "Invalid form authenticity token." 
+    redirect_back_or_default(home_path)
   end

The second submit is not (and should not be) processed.

I got this on my old production installation...briefly.

It occurred when I changed my password in Active Directory, and I had not yet updated the "bind pw" on my LDAP connection setup page.

hope that helps.

I had the same problem and created this account just to share my solution.

tl;dr
Delete browser cookies, start again

How it happened
I was using redmine version 3.1.2 in a 32bit linux mint 15. Formated my machine with a brand new linux mint 17.2 64 bit and installed redmine version 3.1.2. Restored database and stuff, everything as usual.
When I logged, I got the same error.

How I fixed
After some time looking for the problem, figured out I had an older cookie from previous installation (using chrome sync), pressed F12, deleted all cookies and everything works fine.

Just in case someone needs it

David Escala wrote:

To avoid the error page and redirect the user to a sensible location I have patched app/controllers/application_controller.rb in 1.0-stable:

- render_error "Invalid form authenticity token."
+ redirect_back_or_default(home_path)

This works great. Thanks.