Move to CSRF tokens inside sessions (instead of expiring cookies) #305

Open

Open

Move to CSRF tokens inside sessions (instead of expiring cookies)#305

Assignees

Labels

bughigh priority

Several users have reported being unable to play any challenges (they get the JSON unexpected etc message). They all reported it around the same time, and logging out/in fixes it. Weirdly it seems they're still logged in, so I'm not sure what exactly it is.

added

on Jan 23, 2019

self-assigned this

on Jan 23, 2019

OwnerAuthor

This is a CSRF token issue. If you log in twice it changes the tokens in the old session.

OwnerAuthor

Added logging to try to figure out why my csrf tokens are getting corrupted/disappearing #306

closed this as completed

OwnerAuthor

closing because better error messaging. still should keep an eye on it. hopefully people aren't getting their tokens messed up all the time.

reopened this

changed the title ~~[-]Possible session bug[/-]~~ Move to CSRF tokens inside sessions (instead of expiring cookies)

OwnerAuthor

this still happens a lot. People's CSRF cookies just disappear. They are probably expiring.

to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

domino14

Labels

bughigh priority

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

Code with Copilot Agent Mode

No branches or pull requests

Participants