CSRF token error. Try to refresh the page and try again

Your software
My Mautic version is: 2.16x + 3.x
My PHP version is: 7.2 & 7.3
My Database type and version is: MariaDB

Your problem
My problem is:

I have very similar installations of Mautic for a number of instances and on some of them I continually get the token refresh error.

There has to be an easy fix to this that I am not aware of.

I am running Nginx server on Ubuntu 18.04 & 20

So looking for someone to point me in the direction I cannot see.

These errors are showing in the log:

Steps I have tried to fix the problem:

Hi Mikew,

I’ve seen these after the session has timed out. In my browser I get this until I refresh the page and then login.

Have you tried clearing your browser’s Cache? Or moving to another Browser?

Anything showing up in the logs?

Logs don’t show anything. I have used it in different browsers, not sure if it is a web server setting or something inside Mautic. But certain instances I can be in forever and certain after a minute I get this, sometimes even 3 times in a row.

Hi fellow Mautic Gurus - does anyone know how to fix this issue - is it a Mautic thing or a server thing?

@joeyk ? @ekke ?

Would really appreciate some assistance here

It seems to have disappeared with the latest version 😉

Man I missed this sorry. Not like I know the answer…

I have the same problem here, on v3.3.1. It seems to happen when I am in the configuration section, which leads me to believe it’s because of the way that section uses a page-within-a-page, via AJAX or an iframe. I might be re-logging in to the sub-page that had been loaded with AJAX/iframe, but the parent page still has my older login token.

Is there any solution here? It is such a hard thing to deal with when dealing with clients what this is all about:

Second this, it has haunted me for years with multiple Mautics, different browsers, diff local machines, diff server set ups but the CSRF token issue just follows me around.

I have a workaround that’s effectively fixed this bug in my 3.3.1 installation from March 2021. I don’t see any reason it wouldn’t work in v4.

The hack keeps the Mautic login fresh by using AJAX to fetch a Mautic page every 9 minutes, just short of the 10 minute timeout that plagues many users.

I documented my solution here: https://github.com/mautic/mautic/issues/9804#issuecomment-806422002
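
The keep-alive described in the post above, as an added example that is not part of the original thread and not the code from the linked GitHub comment: it pings an authenticated page every 9 minutes, stops after a fixed budget so an abandoned tab still times out, and tells an expired session apart from a network failure. `KEEPALIVE_URL`, `LOGIN_PATH` and the 8-hour `MAX_KEEPALIVE_MS` cap are assumptions to adjust per instance.

```javascript
// Added example; paths and the 8 h cap below are assumptions, not Mautic defaults.
const KEEPALIVE_URL = "/s/dashboard";          // assumed: any page that requires login
const LOGIN_PATH = "/s/login";                 // assumed: where expired sessions land
const PING_EVERY_MS = 9 * 60 * 1000;           // 9 min, just short of the 10 min timeout
const MAX_KEEPALIVE_MS = 8 * 60 * 60 * 1000;   // stop pinging after 8 h of an open tab

// Classify a fetch() Response (or null when fetch threw) into a session state.
function classifyPing(res) {
  if (!res) return "network-error";
  // res.url is the final URL after redirects; the base is only used if it is empty.
  const path = new URL(res.url, "https://placeholder.invalid/").pathname;
  if (res.redirected && path.startsWith(LOGIN_PATH)) return "expired";
  if (res.status === 401 || res.status === 403) return "expired";
  return res.ok ? "alive" : "server-error";
}

// True while the keep-alive is still inside its time budget.
function withinBudget(startedAt, now) {
  return now - startedAt < MAX_KEEPALIVE_MS;
}

function startKeepAlive(fetchFn = fetch, now = Date.now) {
  const startedAt = now();
  const timer = setInterval(async () => {
    if (!withinBudget(startedAt, now())) return clearInterval(timer);
    let res = null;
    try {
      res = await fetchFn(KEEPALIVE_URL, { credentials: "same-origin", cache: "no-store" });
    } catch (err) {
      // Network failure: res stays null and is reported below.
    }
    const state = classifyPing(res);
    if (state === "expired") {
      clearInterval(timer); // nothing left to keep alive
      console.warn("Session expired: reload and log in before submitting a form.");
    } else if (state !== "alive") {
      console.warn("Keep-alive ping failed:", state);
    }
  }, PING_EVERY_MS);
  return timer;
}

// Start only in a browser; under Node the functions above can be exercised directly.
if (typeof window !== "undefined") startKeepAlive();
```

A ping that lands on the login page means the form already open in the tab holds a stale CSRF token, which is the state that produces the error in this thread's title.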

I applied another workaround but not sure how good it is, but it works well.
Change php.ini from

session.gc_maxlifetime = 1440
to
session.gc_maxlifetime = 14400

Whoa, 10x longer cookie lifetime.
(restart apache of course)

If your sessions are already working correctly, changing the session timeout like this can be useful. However, this won’t fix the problem many installations are having with being logged-out after only 10 minutes of inactivity. Please view the entire topic about this bug at https://github.com/mautic/mautic/issues/9804

Hmm… okay, so I guess my sessions were working fine, but I was logged out after 1440 seconds, as that was the max allowed by php?

Previously there was a REMEMBERME cookie placed by Mautic, and that is gone now. Is that a bug, or has the ‘remember me’ function been changed?

Sometimes I login to Mautic and immediately I am greeted with about 20 messages going down the side of this.

I just cannot believe that I am the only one feeling this pain and that there is no fix yet.

I think many of us learned to live with the pain and forgot what a pain free life is.

I am trying out @markerb solution as posted in GitHub… going to monitor it and hopefully this will fix the issue.

Will keep you updated.

I don’t think my code will fix your problem if you are being logged out immediately after logging in. My hack workaround is for users who are logged out after 10 minutes of inactivity. Your issue sounds like something else, more akin to the entire login session being instantly discarded. I’m not entirely clear how Mautic sessions are maintained, but you might check that both the server’s and browser’s time of day are correct.

It actually kept me logged in, and even while I left an editor window open on email.

However this morning I came back - was logged out and I get all these messages when logging in.

I mean surely there must be something to do about this.

There are no errors in the console, but there are warnings and info…

You aren’t providing enough information for someone to debug this. What about network failures? What about cookies? Have you used your browser’s development console to monitor those things? Sometimes cookies get thrown out or blocked. My workaround won’t work if the network connection is sporadic.

Again, I am not knowledgeable about Mautic’s use of cookies and CSRF tokens. Even if you provide more information, someone else would probably need to get involved.

Hey @markerb - thanks for your response. Yeah I know I am not providing enough info here, I can provide whatever is needed, I just do not know what is required, and from the response on the forum, there does not seem to be too many people that know what is required… I understand you are not the correct person here either… anyway as @joeyk says “maybe we just have to learn to live with this”…

Appreciate your help so far and especially the code you wrote as this is helping with other instances I have.