
Consider adding some important notes on session config if encountering CSRF token invalid #119

Description

@Cryxto

Sometimes, when we receive the desired cookie and the header/body value for CSRF to match, even though both have the right value, it is still false when validated.

The culprit was the session; it seems that when validating, it couldn't match the session ID between generation and validation, so it failed. The option in my case was that I should turn `saveUninitialized` to true.
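
The failure described in this issue, as an added example that is not part of the original post or the project's own code: a simplified in-memory model of a cookie session middleware with a `saveUninitialized` switch, plus a CSRF token bound to the session ID. The HMAC binding, the store, and the names `handle`, `sign`, `verify`, `roundTrip` and `csrfReady` are assumptions made for illustration.

```javascript
// Added example: simplified model, not the library's or the reporter's code.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value
const store = new Map();                  // session ID -> session data

// Model of the session middleware: reuse the session named by the cookie,
// otherwise mint a new ID. A new, unmodified session is only persisted
// (and its cookie only sent) when saveUninitialized is true.
function handle(cookieSid, opts, route) {
  const known = Boolean(cookieSid) && store.has(cookieSid);
  const sid = known ? cookieSid : crypto.randomUUID();
  const session = known ? store.get(sid) : {};
  const before = JSON.stringify(session);
  const body = route(sid, session);
  const modified = JSON.stringify(session) !== before;
  const persisted = known || modified || opts.saveUninitialized;
  if (persisted) store.set(sid, session);
  return { body, setCookie: persisted ? sid : cookieSid };
}

// Token = HMAC(secret, sessionID), so it only validates under the same ID
// (assumed binding, chosen to match the behaviour the issue describes).
const sign = (sid) =>
  crypto.createHmac('sha256', SECRET).update(sid).digest('hex');

function verify(sid, token) {
  const a = Buffer.from(sign(sid));
  const b = Buffer.from(String(token));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// One client: GET a token, then POST it back with whatever cookie it holds.
function roundTrip(opts, touchSession) {
  store.clear();
  const get = handle(undefined, opts, (sid, session) => {
    if (touchSession) session.csrfReady = true; // a write initializes it
    return sign(sid);
  });
  const post = handle(get.setCookie, opts, (sid) => verify(sid, get.body));
  return post.body;
}

console.log(roundTrip({ saveUninitialized: false }, false)); // false
console.log(roundTrip({ saveUninitialized: true }, false));  // true
console.log(roundTrip({ saveUninitialized: false }, true));  // true
```

The third call shows that writing to the session before issuing the token also keeps the session ID stable, without persisting an empty session for every visitor.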
