When logging in I receive the error “Invalid CSRF token”.
I’ve checked other topics but none of the solutions there seem to apply to my project.
HTTP response:
HTTP/1.1 400 Bad Request
Date: Fri, 02 Apr 2021 14:03:06 GMT
Server: Apache
Set-Cookie: kirby_session=151c640731a79bd35f6c9c7f5652f1ba885f5767%2B1617379387.a986e1bbdb290a6f1ec4.25e9fd89523ff7aab91f9638166043ffbb6c8009f64b65f9dcf564a9d29103f6; expires=Fri, 02-Apr-2021 16:03:07 GMT; Max-Age=7200; path=/; secure; HttpOnly; SameSite=Lax
Connection: close
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
Things I’ve tried:
- Clearing browser cookies
  Seems to have no impact.
- Disabling adblockers
  Seems to have no impact.
- Clearing the site/sessions folder
  The site/sessions folder keeps piling up with .sess files. If I remove these, I can log in successfully. If I then log out and back in, I get the CSRF error again.
  Edit: Now it seems that even this does not work.
- Changed .htaccess to force https
  The website works fine without setting RewriteBase / but to get the https redirect to work I had to enable this. I don’t know why.
RewriteBase /
RewriteCond %{HTTP_HOST} !^(.*).local$
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
- Checked plugins for line breaks on line 1
  Some people solved this issue by finding empty lines. I checked all my plugins and found no empty lines.
The project is hosted by the client’s parent company IT department. I’ve had server issues with them before on a K2 project but since moving to K3 and updating to PHP7 those issues have gone. I’m still looking into the slow load times but I think their server infrastructure is also partially to blame for that.