Interestingly, examining the session files reveals that after the CSRF mismatch error, the SessionID stops getting written into the session file:
Session file with a clean session and Safari restarted:
SecurityID|s:40:"60bdeaf698fc23edac12fe78ec42b25e2a3b20a4";HTTP_USER_AGENT|s:119:"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/6.1.1 Safari/537.73.11";
But after the 400 Error / CSRF SecurityID Mismatch:
SecurityID|N;HTTP_USER_AGENT|s:88:"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.73.11 (KHTML, like Gecko)";
Cookies are enabled and 'Do not track' is disabled.
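An added example, not part of the original post: a small Python parser for the scalar subset of PHP's default session file format, used to diff the two session files quoted above. The function names are hypothetical, arrays and objects are not handled, and the two sample strings are copied from the post.

```python
import re

_STR = re.compile(rb's:(\d+):"')          # s:<byte length>:"
_NUM = re.compile(rb'([ibd]):([^;]*);')   # i:5;  b:1;  d:0.5;
_CAST = {b"i": int, b"b": lambda t: t == "1", b"d": float}

def parse_php_session(raw):
    """Parse key|serialized-value pairs (scalars only: s, i, b, d, N)."""
    data = raw.strip().encode("utf-8")    # s:LEN counts bytes, not characters
    out, pos = {}, 0
    while pos < len(data):
        bar = data.index(b"|", pos)
        key, pos = data[pos:bar].decode(), bar + 1
        if data.startswith(b"N;", pos):   # PHP null
            out[key], pos = None, pos + 2
        elif (m := _STR.match(data, pos)):
            # Slice by declared length: the value itself may contain ';' or '"'
            start = m.end()
            end = start + int(m.group(1))
            if data[end:end + 2] != b'";':
                raise ValueError(f"declared length is wrong for {key!r}")
            out[key], pos = data[start:end].decode(), end + 2
        elif (m := _NUM.match(data, pos)):
            out[key], pos = _CAST[m.group(1)](m.group(2).decode()), m.end()
        else:
            raise ValueError(f"unsupported value type for {key!r}")
    return out

def diff_sessions(before, after):
    """Return {key: (old, new)} for every key whose value differs."""
    a, b = parse_php_session(before), parse_php_session(after)
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

# Session file contents as quoted in the post
BEFORE = ('SecurityID|s:40:"60bdeaf698fc23edac12fe78ec42b25e2a3b20a4";'
          'HTTP_USER_AGENT|s:119:"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) '
          'AppleWebKit/537.73.11 (KHTML, like Gecko) Version/6.1.1 Safari/537.73.11";')
AFTER = ('SecurityID|N;HTTP_USER_AGENT|s:88:"Mozilla/5.0 (Macintosh; '
         'Intel Mac OS X 10_7_5) AppleWebKit/537.73.11 (KHTML, like Gecko)";')

if __name__ == "__main__":
    for key, (old, new) in diff_sessions(BEFORE, AFTER).items():
        print(f"{key}:\n  before: {old!r}\n  after:  {new!r}")
```

Run against these two files, it reports that `SecurityID` went from a 40-character token to null and that the stored `HTTP_USER_AGENT` string differs between the two requests.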