Invalid CSRF Token
-
Our old friend, invalid CSRF token is back.
NodeBB v1.1.0
Git commit:296dc77c7bb2bbf92f711089d77e4f32f729951f
Redis3.0.7So far, I've tried 1) different browsers and 2) clearing out the individual cookies related to the domain.
Plugins:
- nodebb-theme-persona - nodebb-plugin-markdown - nodebb-plugin-mentions - nodebb-plugin-spam-be-gone - nodebb-widget-essentials - nodebb-rewards-essentials - nodebb-plugin-reddit - nodebb-plugin-soundpack-default - nodebb-plugin-emoji-extended - nodebb-plugin-rss - nodebb-plugin-twitter - nodebb-plugin-desktop-notifications - nodebb-plugin-question-and-answer - nodebb-plugin-sso-google-confirmed - nodebb-plugin-dbsearch - nodebb-plugin-sso-dropbox - nodebb-plugin-custom-pages - nodebb-plugin-twitch - nodebb-plugin-write-api - nodebb-plugin-youtube-lite - nodebb-plugin-emailer-mandrill - nodebb-plugin-vimeo - nodebb-plugin-newuser-invitation - nodebb-plugin-gravatar - nodebb-plugin-imgur - nodebb-plugin-codeinput - nodebb-plugin-composer-redactor - nodebb-plugin-header-extend - nodebb-plugin-poll - nodebb-plugin-soundcloud - nodebb-plugin-sso-github - nodebb-plugin-sso-googleI've tried resetting all the plugins as well, but this error persists:
Any ideas??
-
@Guiri follow the instructions here... https://github.com/NodeBB/NodeBB/issues/4734
-
Hi, I have the same issue as you, it started a few weeks ago.
Yesterday I have a reported case of "Invalid-session"
- nodebb-plugin-asset-manager - nodebb-plugin-composer-embedly - nodebb-plugin-emailer-sendgrid - nodebb-plugin-embed-videos - nodebb-plugin-emoji-extended - nodebb-plugin-emoji-one - nodebb-plugin-iframely - nodebb-plugin-markdown - nodebb-plugin-mentions - nodebb-plugin-newsletter - nodebb-plugin-newuser-invitation - nodebb-plugin-ns-awards - nodebb-plugin-poll - nodebb-plugin-rss - nodebb-plugin-s3-uploads-updated - nodebb-plugin-slack-extended - nodebb-plugin-soundpack-default - nodebb-plugin-videoplayer - nodebb-rewards-essentials - nodebb-theme-persona - nodebb-widget-essentials - nodebb-widget-ns-statsWe have the same:
- nodebb-theme-persona
- nodebb-plugin-markdown
- nodebb-plugin-mentions - nodebb-widget-essentials
- nodebb-rewards-essentials
- nodebb-plugin-soundpack-default
- nodebb-plugin-emoji-extended
- nodebb-plugin-rss
- nodebb-plugin-newuser-invitation
-
I have met the same problem!
"csrf-invalid": "We were unable to log you in, likely due to an expired session. Please try again"I tried to clean all the cache and cookies of the chrome, but still happened!
NodeBB: V1.1.0 in github tag
Mongodb: 3.2.7
SSL: no
Upgraded from: fresh installed -
where do we set SSL:no. Can you paste your config.json?
-
where do we set SSL:no. Can you paste your config.json?
-
@codecowboy don't think there is a setting like that. Where did you get that from?
-
@codecowboy As @pichalite has mentioned in the other thread, you'll want to reset the
cookieDomainconfig in your NodeBB. -
@pichalite SSL:No is mentioned higher up in this thread
-
@codecowboy he just said that he is not using SSL. There is no such setting.
-
@pichalite aha. My bad. I am stupid. Its a curse.
-
I had the exact same issue, I ended up going back to v1.0.3. Lucky me that there was no change in the database so I could just use git checkout v1.0.3 and then run npm install followed by ./nodebb upgrade and everything went back to a working state.
-
I'm using nginx with SSL, had the same issue with login/CSRF Token when migrated from 1.0.3 to 1.1.2, and, as described before but always good to remain, adding this to my nginx config (
/etc/nginx/sites-enabled/defaultin my case) saved my life, thankproxy_set_header X-Forwarded-Proto $scheme; -
for the record for people finding this via search, for apache2 you have to set this somewhere in your nodebb vhost configuration
with sslRequestHeader set X-Forwarded-Proto "https"without ssl
RequestHeader set X-Forwarded-Proto "http"you might have to enable mod_headers to do so!
