CSRF token-related issues

Apache 2.4
My Mautic version is: 45_mautic-449
My PHP version is: PHP 8.0
My Database type and version is: MySQL 8.0

Hi everyone,

I. Issue

The Mautic password reset produced the following error message: mautic.cfored.com

The CSRF token is invalid. Please try to resubmit the form.

II. Description

We verified the latest version of Mautic (45_mautic-449). Knowledge articles indicate that previous versions might have CSRF token-related issues. We checked the HTML code and confirmed that the CSRF token is set in the JavaScript variable mauticAjaxCsrf. The value of mauticAjaxCsrf is 5txTbW5W3hzvppBa8ukbT5MOmsGcsEEAEOBZ83pyApo. This is the value of the CSRF token.

The HTML code is as follows:

<input type="hidden" name="mauticAjaxCsrf" value="5txTbW5W3hzvppBa8ukbT5MOmsGcsEEAEOBZ83pyApo">

See the captured screenshot image:

III. Request

Can you diagnose a workaround for the CSRF token being invalid so that I can reset and log into Mautic?

I hope this is helpful! Let me know if you have any other questions.

Regards,
Harold

Hi,
Just to make sure: could you please switch from http to https? Several issues are related to this simple hack. There is no useful way to use Mautic with http only anyway.


Adding on top of @dirk_s's answer: if the issue happens to persist, try force-refreshing your page and then submitting.

Thank you, Dirk_s and Mzagmajster! The issue is resolved. Is there a Mautic Cron Job Setup to mitigate these token events?

Not as far as I know, but as @dirk_s said, I would force it to always use https. As for the force refresh part: I encountered this issue some time ago with the login page. I solved it by always forcing a login page refresh, so the CSRF token was regenerated.

Thanks again, Mzagmajster!
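An added example, not part of the original thread and not Mautic's own code: a small Python model of a session-bound CSRF token, showing why both suggestions above (https and a forced refresh) can clear the "CSRF token is invalid" error. It assumes the session cookie carries the Secure flag, which the thread does not confirm for this install; `Server`, `Browser` and the function names are hypothetical.

```python
import hmac
import secrets

class Server:
    """Toy app that keeps one CSRF token per server-side session."""
    def __init__(self):
        self.sessions = {}  # session id -> CSRF token

    def get_form(self, sid):
        # Missing or unknown session cookie: start a new session and token.
        if sid not in self.sessions:
            sid = secrets.token_urlsafe(16)
            self.sessions[sid] = secrets.token_urlsafe(32)
        return sid, self.sessions[sid]  # (cookie value, token rendered in HTML)

    def post_form(self, sid, token):
        # The submitted token must match the one stored for this session.
        expected = self.sessions.get(sid)
        return expected is not None and hmac.compare_digest(expected, token)

    def expire(self, sid):
        self.sessions.pop(sid, None)

class Browser:
    """Holds one session cookie flagged Secure (assumption): https only."""
    def __init__(self, scheme):
        self.scheme, self.cookie, self.page_token = scheme, None, None

    def _cookie(self):
        # A Secure cookie is never sent on a plain-http request.
        return self.cookie if self.scheme == "https" else None

    def load(self, server):
        self.cookie, self.page_token = server.get_form(self._cookie())

    def submit(self, server):
        return server.post_form(self._cookie(), self.page_token)

def reset_over(scheme):
    server, browser = Server(), Browser(scheme)
    browser.load(server)
    return browser.submit(server)

def stale_page_then_refresh():
    server, browser = Server(), Browser("https")
    browser.load(server)
    server.expire(browser.cookie)   # session ended while the tab sat open
    stale = browser.submit(server)  # token in the old HTML no longer matches
    browser.load(server)            # forced refresh: new session, new token
    return stale, browser.submit(server)
```

Over http the POST arrives without the session cookie, so the server has no stored token to compare against; over https the same flow validates, and a refresh replaces a stale token with a current one.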
