Defect #5230
open
Invalid form authenticity token.
Added by Petr Pospisil over 14 years ago. Updated about 8 years ago.
0%
Description
Try clicking the "Login" button more than once. The message "Invalid form authenticity token" will appear.
Files
Redmine_01.png (35.6 KB) | Petr Pospisil, 2010-07-22 14:24
Redmine_02.png (39.5 KB) | Petr Pospisil, 2010-07-22 14:24
Related issues
Updated by Petr Pospisil over 14 years ago
Or if you have had the detail of an issue open for a long time and then submit your notes.
Updated by Petr Pospisil over 14 years ago
I don't know how to confirm your suspicion.
Updated by Felix Schäfer over 14 years ago
Do you still experience issues with the authenticity token?
Updated by Petr Pospisil over 14 years ago
Why not? What was changed? Show the login dialog, fill in credentials, double-click the login button. It is the simplest way to simulate the behaviour. Another problem is if you have an ISP with large latency (response time), e.g. slow wifi.
Updated by Felix Schäfer over 14 years ago
Petr Pospisil wrote:
Why not? What was changed? Show the login dialog, fill in credentials, double-click the login button. It is the simplest way to simulate the behaviour. Another problem is if you have an ISP with large latency (response time), e.g. slow wifi.
I cannot reproduce this, as long as you can't give a clear way to reproduce (i.e. download a fresh redmine, load the default data, don't install any plugin, reproduce), we won't be able to help you.
Updated by Petr Pospisil over 14 years ago
- File Redmine_01.png added
- File Redmine_02.png added
1) attached screen shot from WWW.REDMINE.ORG
2) attached TRUNK grabbed at 2010-07-22 14:12:00 - no plugins, no mess... just trunk and to command line :"ruby server".
Updated by Petr Pospisil over 14 years ago
The post above I had to submit twice - the first time, I saw "Invalid form authenticity token"...
Updated by Felix Schäfer over 14 years ago
As I said, I can't reproduce it, though I've been trying like hell to double-click on the login button. Is it maybe a problem with your browser? Have you tried it from another browser? From another machine?
Updated by Petr Pospisil over 14 years ago
Sorry, it is not just my problem or a browser problem. Can you see screen shots from other people or browsers? :o). I guess not.
Login page -> fill in credentials -> click the submit button more than once (e.g. twice, 5 times...). On the first request, the system did log in. But the second request is faster than the response to the first request. That is how I understand it. And the error message occurs. It is a server-side problem. I know that clicking the submit button repeatedly is not a usual case, but it simulates situations on a slower wire. It is annoying to submit an issue update this way: type some description of the update, ctrl+c, click submit, error occurred, close the browser, log in again, find the issue, ctrl+v, submit. This behaviour is sometimes seen on slower internet.
I guess the server expects a different token, because the user is logged in by the first request.
Updated by Felix Schäfer over 14 years ago
Well, if it's a network problem, it's not something that can or should be solved on the server… Anyway, try as I may, I can't reproduce it either here, nor on 2 other redmine installations. Maybe you could try to search for the invalid authenticity token and slow connection on google with rails, because it's a mechanism of rails, not of redmine itself.
Updated by Petr Pospisil over 14 years ago
You are right, it seems to be a rails problem. But the result is a non-working redmine.. :(.
Updated by Ewan Makepeace about 14 years ago
This is a huge problem for me and is very simple to reproduce:
- Log out from Redmine.
- Go to your email
- Click on the links on three different issues in your email so that three tabs open in your favourite browser.
- Presumably each is prepopulated with your login details in the browser.
- On the first tab you can click login and be redirected to the issue.
- On the other tabs when you hit login you get the dreaded "Invalid form authenticity token.". Now you have to login again and after you do so your redirect is lost so you close the tab and go and look for the email again.
I hate this message so much I am considering moving off Redmine (Pivot Tracker looks rather attractive?). Seriously this is a monster issue that is driving me insane.
Updated by Ewan Makepeace about 14 years ago
PS Version Redmine 1.0.1.devel.4167 (MySQL)
Updated by Bruno Medeiros about 14 years ago
Felix, Could you try the Ewan Makepeace case?
This bug is really annoying...
Updated by Felix Schäfer about 14 years ago
Bruno Medeiros wrote:
Felix, Could you try the Ewan Makepeace case?
This bug is really annoying…
I don't need to try it, what happens to Ewan is because of a security feature of rails, and only related to the OP by the mechanism that causes it. The OP has a problem when submitting a single form more than once (multiple clicks on one and only submit button), whereas Ewan has a problem because he tries to send the "same form" multiple times from different browser tabs/windows. I'm not sure if there is a secure way to work around Ewan's problem, but please don't hijack this issue for it and open a new one instead, thanks.
Oh, and Ewan: as happy as I am about people using redmine, no one here will hold you back from using what you think is best for you.
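A simplified model of the mechanism discussed above, added here as an illustration and not taken from Rails or Redmine: the form token is stored in the session, and the model assumes a successful login replaces the session, so a login form rendered earlier in a second tab carries a token the new session does not know. `TinyApp`, its methods and the in-memory session store are hypothetical names made up for this example.

```ruby
require "securerandom"

# Simplified model: token stored in the session, session replaced on login.
class TinyApp
  class InvalidAuthenticityToken < StandardError; end

  def initialize
    @sessions = {} # session cookie => session data (constructed store)
  end

  # GET /login: returns [cookie, form_token], creating a session if needed.
  def login_form(cookie = nil)
    cookie = new_session unless @sessions.key?(cookie)
    [cookie, @sessions[cookie][:csrf] ||= SecureRandom.hex(16)]
  end

  # POST /login: check the token, then replace the session.
  def login(cookie, form_token, user)
    expected = @sessions.dig(cookie, :csrf)
    unless expected && form_token && secure_eq(expected, form_token)
      raise InvalidAuthenticityToken, "Invalid form authenticity token."
    end
    @sessions.delete(cookie)      # old session and its token are discarded
    fresh = new_session
    @sessions[fresh][:user] = user
    fresh                         # new cookie set by the response
  end

  private

  def new_session
    SecureRandom.hex(16).tap { |id| @sessions[id] = {} }
  end

  def secure_eq(a, b) # constant-time comparison
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Two tabs render the login form while logged out, then both submit it.
def two_tabs_scenario
  app = TinyApp.new
  cookie, tab1_token = app.login_form
  _, tab2_token = app.login_form(cookie) # same browser, same cookie
  [tab1_token, tab2_token].map do |token|
    cookie = app.login(cookie, token, "user") # browser keeps newest cookie
    :accepted
  rescue TinyApp::InvalidAuthenticityToken
    :rejected
  end
end
```

In this model a form fetched again after the login is accepted, because its token belongs to the current session.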
Updated by David Escala almost 14 years ago
The easiest way to reproduce is:
- login to http://www.redmine.org/login
- go back with browser button
- submit again the login form
To avoid the error page and redirect the user to a sensible location I have patched app/controllers/application_controller.rb
in 1.0-stable:
end - render_error "Invalid form authenticity token." + redirect_back_or_default(home_path) end
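Review bot: the added `redirect_back_or_default(home_path)` line removes the only explanation the user gets, and because the change is in app/controllers/application_controller.rb it applies to every form that fails the token check, not only a repeated login. A rejected issue update would land on another page with no message that the submission was dropped; consider keeping a notice (for example a flash error) alongside the redirect, or limiting the redirect to the login action and keeping `render_error` elsewhere. It is also worth checking where the redirect target comes from: if it is read from the failed request, it is input from a request that has just failed the authenticity check.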
The second submit is not (and should not be) processed.
Updated by Bryce Nordgren over 13 years ago
I got this on my old production installation...briefly.
It occurred when I changed my password in Active Directory, and I had not yet updated the "bind pw" on my LDAP connection setup page.
hope that helps.
Updated by Toshi MARUYAMA about 9 years ago
- Related to Defect #5051: Cookie issue when using Redmine on Firefox added
Updated by Maicon de Oliveira almost 9 years ago
I had the same problem and created this account just to share my solution.
tl;dr
Delete browser cookies, start again
How it happened
I was using redmine version 3.1.2 in a 32bit linux mint 15. Formatted my machine with a brand new linux mint 17.2 64 bit and installed redmine version 3.1.2. Restored database and stuff, everything as usual.
When I logged, I got the same error.
How I fixed
After some time looking for the problem, figured out I had an older cookie from previous installation (using chrome sync), pressed F12, deleted all cookies and everything works fine.
Just in case someone needs it
Updated by Greg T about 8 years ago
David Escala wrote:
To avoid the error page and redirect the user to a sensible location I have patched
app/controllers/application_controller.rb
in 1.0-stable:- render_error "Invalid form authenticity token."
+ redirect_back_or_default(home_path)
This works great. Thanks.
Updated by Go MAEDA 10 months ago
- Is duplicate of Defect #38986: Ungültiges Authentizitätstoken für Formular added