Umbraco forms error: anti-forgery cookie token and form field token do not match
Hi,
I've built a site using Umbraco 8 which uses Umbraco forms, Umbraco V 8.0.2 and forms V 8.1.1. When trying to submit a form, I recieve this error message:
The anti-forgery cookie token and form field token do not match.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.Mvc.HttpAntiForgeryException: The anti-forgery cookie token and form field token do not match.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpAntiForgeryException (0x80004005): The anti-forgery cookie token and form field token do not match.]
System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken) +554
System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext) +71
System.Web.Helpers.AntiForgery.Validate() +92
Umbraco.Forms.Core.Attributes.ValidateFormsAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +156
System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +97
System.Web.Mvc.Async.<>c__DisplayClass3_1.<BeginInvokeAction>b__0(AsyncCallback asyncCallback, Object asyncState) +640
System.Web.Mvc.Async.WrappedAsyncResult`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +14
System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state) +346
System.Web.Mvc.<>c.<BeginExecuteCore>b__152_0(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState) +27
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +30
System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state) +494
System.Web.Mvc.<>c.<BeginExecute>b__151_1(AsyncCallback asyncCallback, Object callbackState, Controller controller) +16
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +20
System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +403
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +16
System.Web.Mvc.<>c.<BeginProcessRequest>b__20_0(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState) +54
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +30
System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +128
System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) +412
System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state) +48
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) +16
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +444
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +132
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +163
What's the reason for this error? Also,
wWhen I check the HTML, the forms action is set to a page that exists in the backoffice but in the form workflow the user should be redirected to another page called Tack!:
<form action="/anslagstavla/"...
If I go into the backoffice, saves the form and re-publish the page, the form is working fine on my computer but on another computer I receive the same error, even though I refresh the page with ctrl+F5. Any ideas?
We believe it's a bug in Umbraco 8 with the cache of macros in the rte. We sent an issue to Umbraco HQ but haven't heard since. In Umbraco 8 there is a new field called Form picker and when using that one there's no problem. Another way to solve it was to set EnableAntiForgeryToken to false instead of true in UmbracoForms.config. It makes your inbox more vulnerable to spam however.
we saw this too, problems if the form is rendered as embedded in an RTE with Umbraco 8 - IE11 didnt see the token at all, and quite random errors with token on other browsers, try using a form picker control instead and render directly in razor template
@if (Model.FormPicker != null)
{
var g = new Guid(Model.FormPicker.ToString());
@Umbraco.RenderMacro("renderUmbracoForm", new { FormGuid = g, FormTheme = "MY_SITE_THEME", ExcludeScripts = "0" })
}
Umbraco forms error: anti-forgery cookie token and form field token do not match
Hi, I've built a site using Umbraco 8 which uses Umbraco forms, Umbraco V 8.0.2 and forms V 8.1.1. When trying to submit a form, I recieve this error message:
What's the reason for this error? Also, wWhen I check the HTML, the forms action is set to a page that exists in the backoffice but in the form workflow the user should be redirected to another page called Tack!:
If I go into the backoffice, saves the form and re-publish the page, the form is working fine on my computer but on another computer I receive the same error, even though I refresh the page with ctrl+F5. Any ideas?
How many servers do you have?
If you have more than one server - you should verify that the same machine key defined in web.config
@Bjorn did you ever resolve this?
We believe it's a bug in Umbraco 8 with the cache of macros in the rte. We sent an issue to Umbraco HQ but haven't heard since. In Umbraco 8 there is a new field called Form picker and when using that one there's no problem. Another way to solve it was to set EnableAntiForgeryToken to false instead of true in UmbracoForms.config. It makes your inbox more vulnerable to spam however.
we saw this too, problems if the form is rendered as embedded in an RTE with Umbraco 8 - IE11 didnt see the token at all, and quite random errors with token on other browsers, try using a form picker control instead and render directly in razor template
is working on a reply...