U4-3907 - Token cookie issues in 7.0.1

Created by Per Ploug 18 Dec 2013, 09:19:57 Updated by Shannon Deminick 09 Jan 2014, 15:01:32

Is duplicated by: U4-3990

Seems like there are a couple of issues with upgrades and clean installs of 7.0.1 with token cookies, some details here:



Shannon Deminick 18 Dec 2013, 22:56:41

only thing we can do is keep an eye on this to see if it is an ongoing problem or if just clearing initial cookies fixes it. When people log in, it creates the csrf token so not sure how to replicate. I was getting these errors before I fixed the chain of events for angular bootup but that fix is in 7.0.1

Anders Brohäll 21 Dec 2013, 07:35:27

The problem occurs when a login has failed, per instance with the wrong password. I would say that the issue is critical. The only way to be able to use the back-office again is to remove cookies, or maybe letting the session expire.

Anders Brohäll 21 Dec 2013, 07:36:11

... using Chrome.

Shannon Deminick 23 Dec 2013, 23:26:06

Thanks, i can replicate this now.

As a work-around, you can just close the browser and re-open it since the csrf token cookies are stored as regular Session cookies. Unfortunately for Chrome however, there's an issue with that in some cases (depending on your settings): https://productforums.google.com/forum/#!topic/chrome/9l-gKYIUg50/discussion

Shannon Deminick 23 Dec 2013, 23:59:28

Fixed in 154ee3975579f3c883d74970a638de3432e6e22b

Priority: Major

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Normal


Backwards Compatible: True

Fix Submitted:

Affected versions: 7.0.1

Due in version: 7.0.2


Story Points: