I appear to be running into an issue using the Html.AntiForgeryToken() where I receive an exception about not being able to add headers because they have already been sent.
All of the information I have found indicates that this could be because the buffer is flushed somewhere along the line, when I get the exception I see a CRLF in the output buffer, so I am thinking that could be it.
I am looking specifically to intercept Application_BeginRequest, but was also considering intercepting a couple of others, it looks like all of the methods inside the UmbracoApplication object are not virtual, so I cannot simply do it there.
The question is, where does one intercept these methods and/or does anyone have any ideas why I would be getting an exception when trying to use the AntiForgeryToken(), oddly - it is not consistent across all pages using the masterpage that is having the issue.
Do you have perhaps some (output) caching in place ? I have seen issues in the past when we used the AntiForgeryToken and had output cache in place. This cached the token in the output and that way the token became invalid for users visiting the cached page.
I finally tracked this down - it was a combination of 2 different issues.
When there is a response.redirect something this error appears, as far as I can tell, the only way to correct this is if the page redirecting had already written the cookie, then you are fine.
Pages that include multiple ajax forms frequently exhibit the issue because you render the cookie more than once.
The solution is to render the cookie once, and reuse the created token across forms/pages.
Intercept Application_*, or some other events?
I appear to be running into an issue using the Html.AntiForgeryToken() where I receive an exception about not being able to add headers because they have already been sent.
All of the information I have found indicates that this could be because the buffer is flushed somewhere along the line, when I get the exception I see a CRLF in the output buffer, so I am thinking that could be it.
I am looking specifically to intercept Application_BeginRequest, but was also considering intercepting a couple of others, it looks like all of the methods inside the UmbracoApplication object are not virtual, so I cannot simply do it there.
The question is, where does one intercept these methods and/or does anyone have any ideas why I would be getting an exception when trying to use the AntiForgeryToken(), oddly - it is not consistent across all pages using the masterpage that is having the issue.
Anyone?
Hi John,
Do you have perhaps some (output) caching in place ? I have seen issues in the past when we used the AntiForgeryToken and had output cache in place. This cached the token in the output and that way the token became invalid for users visiting the cached page.
Dave
I finally tracked this down - it was a combination of 2 different issues.
When there is a response.redirect something this error appears, as far as I can tell, the only way to correct this is if the page redirecting had already written the cookie, then you are fine.
Pages that include multiple ajax forms frequently exhibit the issue because you render the cookie more than once.
The solution is to render the cookie once, and reuse the created token across forms/pages.
is working on a reply...