CSRF token error. Try to refresh the page and try again

@mikew did you apply the ugly-but-works workaround with the cookie lifetime?

Another ugly fix for a Mautic 3 instance is to replace the Views:User:Security:ajax.html.php template.

I encountered this error if the user had been logged out and I logged back in using the AJAX-rendered login form.

I solved it by forcing complete refresh of login page which also regenerates the CSRF token:

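<?php
// Render inside the standard Mautic content layout with the auth-expired header title.
$view->extend('MauticCoreBundle:Default:content.html.php');
$view['slots']->set('headerTitle', $view['translator']->trans('mautic.user.auth.expired.header'));
?>

<script type="text/javascript">
    // Force a full page reload instead of showing the AJAX login form,
    // so the login page and its CSRF token are regenerated.
    window.location.reload();
</script>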

Hope it helps someone.
Regards, M.
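The failure mode described in the post above, as an added example that is not part of the original thread and not Mautic's code: a simplified model, assuming the CSRF token is stored per session, of why a form rendered before the session expired is rejected after an AJAX login and accepted after a full reload. The `Server` class and `scenario` function are hypothetical names.

```javascript
// Added illustration (simplified model, not Mautic's implementation).
const crypto = require("crypto");

class Server {
  constructor() { this.sessions = new Map(); } // sessionId -> CSRF token

  // Logging in creates a new session with a fresh CSRF token.
  login() {
    const sid = crypto.randomBytes(16).toString("hex");
    this.sessions.set(sid, crypto.randomBytes(32).toString("hex"));
    return sid;
  }

  expire(sid) { this.sessions.delete(sid); }

  // A full page render embeds the current session's token in the form.
  renderForm(sid) {
    const token = this.sessions.get(sid);
    if (!token) throw new Error("not logged in");
    return { csrfToken: token };
  }

  // Submission is accepted only if the form's token matches the session's.
  submit(sid, form) {
    const expected = this.sessions.get(sid);
    if (!expected) return "login required";
    const a = Buffer.from(expected);
    const b = Buffer.from(String(form.csrfToken));
    const ok = a.length === b.length && crypto.timingSafeEqual(a, b);
    return ok ? "saved" : "CSRF token error";
  }
}

// Returns [result of submit after expiry, result of submit after re-login].
function scenario(reloadAfterLogin) {
  const server = new Server();
  let sid = server.login();
  let form = server.renderForm(sid);       // user opens the form
  server.expire(sid);                      // session times out while it is open
  const first = server.submit(sid, form);  // server asks for a login
  sid = server.login();                    // AJAX login: new session, old form kept
  if (reloadAfterLogin) form = server.renderForm(sid); // full reload re-renders form
  return [first, server.submit(sid, form)];
}

console.log(scenario(false), scenario(true));
```

In this model the reload also discards whatever was typed into the old form, which is the trade-off of the workaround.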

Using latest 4.2.0 and still getting this issue.

Click new contact, fill the form with details, click save, and it tells you CSRF token error; now you have to re-enter all the contact information again after refresh. Why does it not tell you about the CSRF token error when clicking on add contact or doing a refresh before entering info?

What is the fix for this?

I have solved this here:

It's not my favorite fix, but it's the only one that worked so far.

There is a PR coming up that plays with the ‘Remember me’ cookie.
Plz test if you can, it’s keeping me logged in:

Hey @joeyk I tried this and seems to have not worked for me.
I updated the issue on GitHub, I am not able to get to the mautic instance “offline error”. I see some errors in my log:

[error] 1851#1851: *784641 FastCGI sent in stderr: "PHP message: ParseError: syntax error, unexpected ''lifetime'' (T_CONSTANT_ENCAPSED_STRING), expecting ']' - in file /var/www/mautic/app/config/security.php - at line 98" while reading response header from upstream, client: 132.82.126.64, server: mymautic.com, request: "POST /mailer/sendgrid_api/callback HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "mymautic.com"

It would be interesting to know what's the value of:
$configParameterBag->get('rememberme_lifetime')

Looking at my config, it's nothing out of the ordinary and it should not break. Can you clear the cache and try again?

Did that a few times… strange behaviour.

@mzagmajster You can check the value of $configParameterBag->get('rememberme_lifetime') by putting the line: dd($configParameterBag); right after your $configParameterBag = $parameterLoader->getParameterBag(); line. The value should be 31536000, which is one year in seconds

@mikew Copying a reply I made on GitHub here:

Might be a few ways to fix this. It sounds like the file might have been copied to the wrong directory; can you make sure the change is only in app/config/security.php?

If that’s not the problem, let’s try this: Revert back to your Mautic instance from before the change, then open your console, cd to the Mautic folder, and type “gh pr checkout 10994”. This will make the exact file changes that’s in my PR. See if that works for you

Last, we can always test with GitPod. You can click on the “Open in GitPod” button in GitHub when you look at the PR. It’s working for me there. I found the cookie using Right Click > Inspect > Application > Cookies > https://8080-bradycargle…

Just to reup this, it’s still happening to me on 4.4.5 - frequency vastly reduced, so something has been changed in the last few releases, but still happening, particularly when adding contacts, although I can’t put my finger on any particular action that causes it. Anyone working on it, let me know if I can provide any helpful information…

I am also facing this issue in some of my mautic installations

It’s normal. Just log in again from the REAL login page.


Yeah, I do that all the time, log in again, but sometimes it's frustrating when I have made changes and then it gives this error.


This happens to me a lot too.
The truth is a bit strange.

Oldest problem in the Mautic pile!

I remember @escopecz giving an explanation many years ago, I also remember not understanding anything he said at the time…
What I do remember from his explanation of the issue is that it wasn’t Mautic’s fault…

I actually once got this fixed by upgrading nginx to the latest version… but downgraded after that and back to the same problem. I remember that Mautic was not playing well with php 8.0 and the latest nginx version

It seems to me that this might have some (positive) impact on the issue

In some cases, if AJAX requests are made by the page to an apparently different (perhaps local as opposed to public) location, that may well cause CSRF issues.

This is merged into Mautic 4.4.10 :+1:


Likewise, logging in via /s/login has no effect - I regularly get the same error <1min later.

It happened to me as well and your suggestion solved the issue