CSRF token error. Try to refresh the page and try again

Hi fellow Mautic Gurus - does anyone know how to fix this issue - is it a Mautic thing or a server thing?

@joeyk ? @ekke ?

Would really appreciate some assistance here

1 Like

It seems to have disappeared with the latest version :wink:

Man I missed this sorry. Not like I know the answer…

1 Like

I have the same problem here, on v3.3.1. It seems to happen when I am in the configuration section, which leads me to believe it’s because of the way that section uses a page-within-a-page, via AJAX or an iframe. I might be re-logging in to the sub-page that had been loaded with AJAX/iframe, but the parent page still has my older login token.

Is there any solution here? It is such a hard thing to deal with when dealing with clients what this is all about:

Second this, it has haunted me for years with multiple Mautics, different browsers, diff local machines, diff server setups, but the CSRF token issue just follows me around.

I have a workaround that’s effectively fixed this bug in my 3.3.1 installation from March 2021. I don’t see any reason it wouldn’t work in v4.

The hack keeps the Mautic login fresh by using AJAX to fetch a Mautic page every 9 minutes, just short of the 10 minute timeout that plagues many users.

I documented my solution here: https://github.com/mautic/mautic/issues/9804#issuecomment-806422002
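An added sketch of the keep-alive idea described in the post above. It is not the code from the linked GitHub comment and not part of the thread. It goes beyond the post by capping the refresh once the user has been idle for a while, so an unattended session still expires, and by detecting an already-expired session. `pingUrl`, `loginPath` and the one-hour `MAX_IDLE_MS` cap are assumptions to adapt to your install.

```javascript
// Added example: idle-aware session keep-alive for an admin UI.
// Assumed values: adjust to your own timeout and policy.
const PING_INTERVAL_MS = 9 * 60 * 1000; // just short of the 10-minute timeout from the post
const MAX_IDLE_MS = 60 * 60 * 1000;     // assumed policy: stop refreshing after 1 h without input

// Pure decision function: is a keep-alive request due right now?
function shouldPing(now, lastPingAt, lastActivityAt) {
  if (now - lastActivityAt > MAX_IDLE_MS) return false; // let an abandoned session expire
  return now - lastPingAt >= PING_INTERVAL_MS;
}

// Interpret the ping result: 401/403 or ending up on the login page means the session is gone.
function sessionState(status, finalUrl, loginPath) {
  if (status === 401 || status === 403) return 'expired';
  const path = new URL(finalUrl, 'http://placeholder.invalid').pathname;
  if (path.startsWith(loginPath)) return 'expired';
  return status >= 200 && status < 300 ? 'alive' : 'unknown';
}

// Browser wiring. pingUrl and loginPath are supplied by the caller (hypothetical values).
function startKeepAlive({ pingUrl, loginPath, onExpired, fetchFn = fetch, now = Date.now }) {
  let lastPingAt = now();
  let lastActivityAt = now();
  const touch = () => { lastActivityAt = now(); };
  ['keydown', 'mousedown', 'touchstart'].forEach((evt) =>
    document.addEventListener(evt, touch, { passive: true }));

  // Check every 30 s; only send a request when shouldPing() says one is due.
  const timer = setInterval(async () => {
    if (!shouldPing(now(), lastPingAt, lastActivityAt)) return;
    lastPingAt = now();
    try {
      const res = await fetchFn(pingUrl, { credentials: 'same-origin', cache: 'no-store' });
      if (sessionState(res.status, res.url, loginPath) === 'expired') {
        clearInterval(timer);
        onExpired(); // e.g. warn the user before they submit a form with a stale CSRF token
      }
    } catch (err) {
      // Network failure: leave the timer running and retry on a later tick.
    }
  }, 30 * 1000);
  return () => clearInterval(timer); // call to stop the keep-alive
}
```

Calling `onExpired` as soon as the ping lands on the login page lets the UI tell the user the session is gone before they fill in a form whose token would be rejected.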

I applied another workaround; not sure how good it is, but it works well.
Change php.ini from

session.gc_maxlifetime = 1440
to
session.gc_maxlifetime = 14400

Whoa, 10x longer cookie lifetime.
(restart apache of course)

1 Like

If your sessions are already working correctly, changing the session timeout like this can be useful. However, this won’t fix the problem many installations are having with being logged-out after only 10 minutes of inactivity. Please view the entire topic about this bug at https://github.com/mautic/mautic/issues/9804

Hmm… okay, so I guess my sessions were working fine, but I was logged out after 1440 seconds, as that was the max allowed by php?

Previously there was a REMEMBERME cookie placed by Mautic, and that is gone now. Is that a bug, or ‘remember me’ function has been changed?

Sometimes I log in to Mautic and immediately I am greeted with about 20 messages going down the side of this.

I just cannot believe that I am the only one feeling this pain and that there is no fix yet.

I think many of us learned to live with the pain and forgot what a pain-free life is.

I am trying out @markerb solution as posted in GitHub… going to monitor it and hopefully this will fix the issue.

will keep you updated.

I don’t think my code will fix your problem if you are being logged out immediately after logging in. My hack workaround is for users who are logged out after 10 minutes of inactivity. Your issue sounds like something else, more akin to the entire login session being instantly discarded. I’m not entirely clear how Mautic sessions are maintained, but you might check that both the server’s and browser’s time of day are correct.

It actually kept me logged in, and even while I left an editor window open on email.

However, this morning I came back - was logged out and I get all these messages when logging in.

I mean surely there must be something to do about this.

There are no errors in the console, but there are warnings and info…

You aren’t providing enough information for someone to debug this. What about network failures? What about cookies? Have you used your browser’s development console to monitor those things? Sometimes cookies get thrown out or blocked. My workaround won’t work if the network connection is sporadic.

Again, I am not knowledgeable about Mautic’s use of cookies and CSRF tokens. Even if you provide more information, someone else would probably need to get involved.

Hey @markerb - thanks for your response. Yeah, I know I am not providing enough info here. I can provide whatever is needed, I just do not know what is required, and from the response on the forum, there do not seem to be too many people that know what is required… I understand you are not the correct person here either… anyway, as @joeyk says, “maybe we just have to learn to live with this”…

Appreciate your help so far and especially the code you wrote as this is helping with other instances I have

@mikew did you apply the ugly-but-works workaround with the cookie lifetime?

Another ugly fix for a Mautic 3 instance is to replace the Views:User:Security:ajax.html.php template.

I encountered this error when the user had been logged out and I logged back in using the AJAX-rendered login form.

I solved it by forcing a complete refresh of the login page, which also regenerates the CSRF token:

<?php
$view->extend('MauticCoreBundle:Default:content.html.php');
$view['slots']->set('headerTitle', $view['translator']->trans('mautic.user.auth.expired.header'));
?>

<script type="text/javascript">
    window.location.reload();
</script>

Hope it helps someone.
Regards, M.

Using latest 4.2.0 and still getting this issue.

Click new contact, fill in the form with details, click save, and it reports a CSRF token error; now you have to re-enter all the contact information again after the refresh. Why does it not tell you about the CSRF token error when clicking on add contact, or do a refresh before you enter the info?

What is the fix for this?