Page MenuHome

CSRF token expire time too short
Closed, ResolvedPublicBUG


Forms fail to save (CSRF token expired notification) if the edit page was open for a while, which can happen when large files are uploaded over slow internet.

Event Timeline

Pablo Vazquez (pablovazquez) lowered the priority of this task from 90 to High.Apr 5 2019, 3:09 PM
Pablo Vazquez (pablovazquez) created this task.

I started looking into this. The issue can be fixed by:

  • extending the WTF_CSRF_TIME_LIMIT
  • introducing an expired CSRF token renewal mechanism

To be further discussed with @Sybren A. Stüvel (sybren).

The issue has been addressed by raising the token time limit several months ago. Feel free to reopen if the problem persists.

Francesco Siddi (fsiddi) changed the task status from Unknown Status to Resolved.Oct 9 2019, 11:25 PM