Hi Orchard Gurus,
I'm having a bit of an issue with this exception: 'A required anti-forgery token was not supplied or was invalid'
Stack trace for info:
System.Web.Helpers.AntiForgeryWorker.Validate(HttpContextBase context, String salt) +121143
System.Web.Helpers.AntiForgery.Validate(HttpContextBase httpContext, String salt) +45
System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +68
Orchard.Mvc.AntiForgery.AntiForgeryAuthorizationFilter.OnAuthorization(AuthorizationContext filterContext) in D:\InformationServices\Web\Orchard\Pod\Orchard.Source.1.2.41\src\Orchard\Mvc\AntiForgery\AntiForgeryAuthorizationFilter.cs:37
System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +102
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +343
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +97
System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10
System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +12
System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f) +7
System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +22
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +60
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
Orchard.Mvc.Routes.HttpAsyncHandler.EndProcessRequest(IAsyncResult result) in D:\InformationServices\Web\Orchard\Pod\Orchard.Source.1.2.41\src\Orchard\Mvc\Routes\ShellRoute.cs:148
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184
Steps to reproduce:
- Open any browser which supports tabbing, and open two tabs.
- In both tabs, navigate to 'http://your-site/users/account/logon'
- In the first tab, login as a valid user, and wait for the site to finish loading.
- On the second site, try to log in again.
I know this isn't a normal set of circumstances, but I'm finding some of my users are getting themselves into a similar sort of state, maybe by leaving one of thier tabs open whilst browsing on another, then coming back to the one they left and seeing they're
not logged in, so trying to login.
I didn't raise this on the issue tracker as I'm not sure whether it's really a bug, but any ideas of how to get around it would be great. I thought about overriding the 'AntiForgeryAuthorizationFilter' class, but I'm not really sure what I'd do in there
to be honest...
Thanks in advance for your thoughts!
I find this a common enough scenario, I know I've done it myself on other websites. I think it's worth raising a bug (I've tested and can reproduce it easily).
In general it'd be good if a friendlier screen was displayed for anti forgery; I'm sure there are other ways it can get inadvertently triggered (e.g. timeout?) and a YSOD is never good to throw in a user's face! (Especially "anti forgery" which might sound
kind of serious to a non-technical user... Sort of reminds me of something that happened years ago when I worked in a computer shop. We'd sold a new computer to a family a few days prior and suddenly one of them phoned up sounding genuinely
scared, because their computer had told them they'd performed an "illegal operation" and
they were worried the police might be on their way...)
Feb 1, 2012 at 6:45 PM
Yes, please file a bug. Thanks for reporting it.
Thanks for responding guys, I have opened issue #18404 on the issue tracker. Cheers