Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Jun 11, 2018 @ 08:34
    Ismail Mayat
    0

    forgery cookie "__RequestVerificationToken" is not present

    We have a recently setup a form using umbraco forms. We are using umbraco 7.10.3 and forms 7.0.3. We have elmah.io turned on for this site and we are seeing a few errors namely:

    url:/umbraco/RenderMvc, The required anti-forgery cookie "__RequestVerificationToken" is not present

    Users of the site have reported getting an error sometimes when submitting this form.

    Anyone seen this before?

    Regards

    Ismail

  • Andrew Hawken 59 posts 116 karma points c-trib
    Jun 11, 2018 @ 09:13
    Andrew Hawken
    0

    Is this a load balanced scenario? Not specific to umbraco or umbraco forms, but this happens if the response lands on a different server to the request. IIRC there are ways of dealing with it involving machine key configuration. (I may be miles off here)

  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Jun 11, 2018 @ 09:36
    Ismail Mayat
    0

    Andrew,

    Site is not load balanced but its sitting on azure so maybe needs machine key?

    Regards

    Ismail

  • Andrew Hawken 59 posts 116 karma points c-trib
    Jun 11, 2018 @ 09:49
    Andrew Hawken
    0

    Assuming its an app service, you are sure the app service plan is set for single instance with no scale out? Because that's exactly what you would see if it wasn't. Turning on ARR affinity might help if it is.

    If it isn't, might be worth looking at the logs to see if the instance has been migrated for other reasons - scale up or possibility between hosts might cause the issue. Also code release then VIP swap etc would probably also cause the problem.

    Otherwise sorry - I've only seen this with multiple instances.

  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Aug 06, 2018 @ 15:47
    Ismail Mayat
    0

    Auto scale is not supported for the tier that the site is running on.

    Regards

    Ismail

  • Simon Dingley 1474 posts 3431 karma points c-trib
    Oct 25, 2018 @ 11:00
    Simon Dingley
    0

    Did you manage to get to the bottom of this Ismail? We have reports of this on a recently upgraded site as well but in our case it is load-balanced but we do have a custom machineKey shared on all servers so even if they did bounce from one to the other that should not be the cause.

    Note: Due to the Load balancer config I don't believe that users should flip-flop between servers during their session so I don't believe that to be related anyway.

  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Oct 25, 2018 @ 16:46
    Ismail Mayat
    0

    Nope support told me to try a few things that didnt work and not heard anything more. This site is not load balanced and we are getting a couple of these errors daily.

  • Liam Beckett 4 posts 24 karma points
    Oct 25, 2018 @ 23:31
    Liam Beckett
    0

    Hello Ismail - just a thought (from having seen verification token errors with Forms before) - are these forms rendering from a partial (or macro) that might be cached?

    We have had Forms render through a partial that has caching switched on (even 'up the chain', in a parent partial). The cached macro passes the same verification token and when it is submitted it often doesn't match (or is not present). Similar errors get thrown and it wasn't immediately obvious why. Similar to the load-balancing issue but actually a result of cached output on the form.

  • Jeffrey Schoemaker 408 posts 2138 karma points MVP 8x c-trib
    Oct 26, 2018 @ 06:39
    Jeffrey Schoemaker
    0

    Hi all,

    there is some documentation about the AntiForgeryToken in Forms. Maybe you could check that: https://our.umbraco.com/documentation/Add-ons/UmbracoForms/Developer/Configuration/#enableantiforgerytoken

    I have no clue otherwise,

    Jeffrey

  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Oct 26, 2018 @ 07:42
    Ismail Mayat
    0

    Jeffrey,

    Read that as directed by support does not apply to us. The caching suggestion by Liam will check that further but afaik the from is not cached.

    Regards

    Ismail

  • Robert Lewis 29 posts 94 karma points
    Nov 06, 2018 @ 18:42
    Robert Lewis
    0

    Hi Ismail

    In my case, it only started occurring when I added something in the web.config. This line - I removed this line and it worked again. Not sure if this will be the same case for you.

    Thanks Rob

  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Nov 06, 2018 @ 18:57
    Ismail Mayat
    0

    Sorry which line?

  • Robert Lewis 29 posts 94 karma points
    Nov 06, 2018 @ 18:59
    Robert Lewis
    1

    sorry it has removed the line

        <httpCookies httpOnlyCookies="true" requireSSL="true" />
    
  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Nov 12, 2018 @ 10:05
    Ismail Mayat
    0

    Dont have this line in web.config

  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Nov 06, 2018 @ 19:43
    Ismail Mayat
    0

    Robert,

    Cool will take a look.

  • Mark Bowser 273 posts 860 karma points c-trib
    Nov 06, 2018 @ 20:55
    Mark Bowser
    0

    It looks like people have already tried this, but we had at least a very similar problem in a load balanced environment and it was because we were missing the machineKey.

  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Nov 12, 2018 @ 10:01
    Ismail Mayat
    0

    Mark,

    We are not load balanced so this it not the issue for us.

    Regards

    Ismail

Please Sign in or register to post replies

Write your reply to:

Draft