error: /logout invalid csrf token [use ssl, nginx, master branch]

Technical Support
  • Hi, When I'm try to login, register and logout I get an error like error: /logout
    invalid csrf token and popup window invalid-session

    I use today master branch updates, and last nginx config from manual

    #user 'userbb' virtual host '' configuration file
    server {
    return 302 https://$server_name$request_uri;
    server {

    listen ssl spdy;
    ssl_certificate "/var/www/httpd-cert/userbb/";
    ssl_certificate_key "/var/www/httpd-cert/userbb/";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    gzip on;
    gzip_comp_level 5;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;


    nodebb config

    "url": "",
    "secret": "a7cc7856-0ed8-446c-90af-eaf7912953a5",
    "database": "redis",
    "redis": {
    "host": "",
    "port": "6379",
    "password": "",
    "database": "0"

    nodebb log

    22/7 20:40 [26278] - info: NodeBB Ready
    22/7 20:40 [26278] - info: Enabling 'trust proxy'
    22/7 20:40 [26278] - info: NodeBB is now listening on:
    22/7 20:40 [26278] - verbose: [sounds] Sounds OK
    22/7 20:40 [26278] - verbose: [meta/blacklist] Loading 0 blacklist rules
    22/7 20:40 [26278] - verbose: [hotswap] Router with id plugins replaced successfully
    22/7 20:40 [26278] - verbose: [plugins] All plugins reloaded and rerouted
    22/7 20:40 [26278] - verbose: [hotswap] Router with id auth replaced successfully
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    Refused to set unsafe header "User-Agent"
    Discarding entity body for GET requests
    22/7 20:41 [26278] - verbose: [user.auth] Revoking session U79wro1pnq6qQj9fYPrz5zmqhYpnx9FE for user 1
    22/7 20:42 [26278] - error: /logout
    invalid csrf token

    It can affect this error trailing slash in the configs (nodebb and nginx) or what else could be the reason for this error?

  • @Aqua in NodeBB's config.json set the url property to and restart NodeBB.

  • dear friend, I try to change config.json with https, but error has remained. Look to screenshot below
    alt text

  • I am also having this problem. Did a clean install (i am using Heroku) and error still show up. The log simply just say "invalid csrf token"
    After trying for a while somehow I am able to log in. But new users keep facing this issue

  • No fresh ideas? I am ready to experiment for solving error

  • i had this issue too, once i added the proper rule to apache/nginx it was fine

  • @chrismccoy Could you tell me what is the proper rule?

  • @KevinPan share your current nginx config and make sure your url value in config.json matches exactly the url you're accessing the site with.

  • @PitaJ my problem is exactly the same as this post Double URL problem after login | https in config.json gives session error

    Is there a plan that NodeBB gives the next release?

  • @KevinPan your problem is not exactly the same, because according to your reply over there, you're using IIS not nginx.

    I don't know how to use IIS (don't know if any one else here who does) but you'll need to set the same headers that we do in the example nginx file:

Suggested Topics

  • Using Write API with cookie auth

    Unsolved Technical Support
    0 Votes
    4 Posts

  • Console error after upgrade to 2.1.0

    Unsolved Technical Support
    1 Votes
    30 Posts

  • NodeBB Bootstrap error

    Technical Support
    0 Votes
    2 Posts

  • Error Msg

    Solved Technical Support
    0 Votes
    6 Posts

  • 0 Votes
    1 Posts

| | | |