camunda BPM / CAM-9246

Cannot recover from CSRF error without session timeout

      Description

      Reproduce:

      • Login to Cockpit
      • Invalidate the CSRF token (by going to the dev tools and changing the value of the XSRF-TOKEN cookie)
      • Perform any operation that uses a POST request, e.g. go to any process definition page
      • Observe the "denied by server" error message and refresh the page

      Expected:

      • After page refresh, the CSRF token is refreshed

      Observed:

      • Since the token is stored as a cookie, the issue persists even after the page refresh

      Workaround:

      • Let the session expire and log in again. On login, a new CSRF token is granted (it is not possible to log out without the correct CSRF token, so actually waiting for a session timeout or clearing the session cookie manually is the only way)
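
The steps above as a small model, added here as an illustration; it is not code from this issue or from Camunda. It assumes the server keeps the expected token in the session and the client echoes the XSRF-TOKEN cookie in a request header; the `SESSION` cookie name and the `reissueOnPageLoad` switch (one way to get the behaviour listed under "Expected") are hypothetical.

```javascript
// Simplified model written for this example; not Camunda's code.
// Assumed: the server keeps the expected token in the session, mirrors it into
// the XSRF-TOKEN cookie, and the client echoes the cookie in a header on POST.
let counter = 0;
const newToken = () => `token-${++counter}`; // constructed; real servers use a CSPRNG

function makeServer(reissueOnPageLoad) {
  const sessions = new Map(); // session id -> expected CSRF token
  const valid = (b, header) =>
    sessions.has(b.cookies.SESSION) && sessions.get(b.cookies.SESSION) === header;
  return {
    login(b) {
      const sid = `session-${sessions.size + 1}`;
      sessions.set(sid, newToken());
      b.cookies = { SESSION: sid, 'XSRF-TOKEN': sessions.get(sid) };
    },
    // Page refresh: a GET. Only the "expected" variant re-sends the cookie.
    get(b) {
      const expected = sessions.get(b.cookies.SESSION);
      if (reissueOnPageLoad && expected) b.cookies['XSRF-TOKEN'] = expected;
      return 200;
    },
    post: (b, header) => (valid(b, header) ? 200 : 403),
    // Logout is a state-changing request, so it needs the token too.
    logout(b, header) {
      if (!valid(b, header)) return 403;
      sessions.delete(b.cookies.SESSION);
      return 200;
    },
  };
}

// Client side: copy whatever is in the cookie into the request header.
const csrfHeader = (b) => b.cookies['XSRF-TOKEN'];

function reproduce(reissueOnPageLoad) {
  const server = makeServer(reissueOnPageLoad);
  const b = { cookies: {} };
  const r = {};
  server.login(b);
  r.initialPost = server.post(b, csrfHeader(b));
  b.cookies['XSRF-TOKEN'] = 'tampered';            // dev-tools edit
  r.postAfterTamper = server.post(b, csrfHeader(b));
  r.logout = server.logout(b, csrfHeader(b));      // blocked as well
  server.get(b);                                   // page refresh
  r.postAfterRefresh = server.post(b, csrfHeader(b));
  server.login(b);                                 // workaround: new session
  r.postAfterRelogin = server.post(b, csrfHeader(b));
  return r;
}

console.log(reproduce(false), reproduce(true));
```

With `reproduce(false)` the POST after the refresh is still rejected and only the new login recovers; with `reproduce(true)` the refresh alone restores a working token.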

            People

            • Assignee: michael.schoettes Michael Schoettes
            • Reporter: sebastian.stamm Sebastian Stamm