Univention Bugzilla – Bug 46527
Error popup after inactivity: Cross Site Request Forgery attack detected.
Last modified: 2021-09-13 17:30:40 CEST
During product tests I had to leave my open UMC web Administrator session for a while and when I came back and clicked on the users module to open it (DHCP and policies modules were still open), I received this error popup:
=============================================================================
An error occurred
You are not authorized to perform this action.
Server error message:
Cross Site Request Forgery attack detected. Please provide the "UMCSessionId" cookie value as HTTP request header "X-Xsrf-Protection".
=============================================================================
Browser: Firefox 58.0.2 (64-bit).
Same browser; UCS 4.3-0; DC master; same error message but I clicked on the users/user module
This was reported due to Bug #46319 23 times.
I saw this with Chrome while having the network tab open. X-XSRF-Protection was in fact not the same as the sessionId in the cookie for that request. Interestingly I couldn't find any response header that set a cookie with the sessionId that was sent as X-XSRF-Protection in the failed request? Anyway, a retry instead of an error would be nice.
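The check that the error message describes, and the mismatch seen in the network tab above, as an added Python example (not Univention's code and not part of the original comments): it compares the `UMCSessionId` cookie with the `X-Xsrf-Protection` header and reports why a request fails. The function name, the result labels and the session IDs are assumptions constructed for illustration.

```python
import hmac
from http.cookies import SimpleCookie

COOKIE_NAME = "UMCSessionId"        # cookie name taken from the error message
HEADER_NAME = "x-xsrf-protection"   # header name, matched case-insensitively


def check_xsrf(headers):
    """Classify a request by the double-submit rule in the error message.

    Returns one of: "ok", "no-cookie", "no-header", "mismatch".
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}

    jar = SimpleCookie()
    jar.load(lowered.get("cookie", ""))
    morsel = jar.get(COOKIE_NAME)
    if morsel is None or not morsel.value:
        return "no-cookie"

    token = lowered.get(HEADER_NAME, "")
    if not token:
        # A plain cross-site form submission cannot add custom headers,
        # so this is the case the protection exists for.
        return "no-header"

    # Constant-time comparison so the check does not leak the session ID.
    if hmac.compare_digest(morsel.value.encode(), token.encode()):
        return "ok"
    # Header present but different from the cookie the browser attached:
    # the situation reported in this bug.
    return "mismatch"


# Constructed sample requests (session IDs are made up).
SAMPLES = {
    "fresh": {"Cookie": "UMCSessionId=aaaa1111; other=1",
              "X-Xsrf-Protection": "aaaa1111"},
    "stale_header": {"Cookie": "UMCSessionId=bbbb2222",
                     "X-XSRF-Protection": "aaaa1111"},
    "forged_form": {"Cookie": "UMCSessionId=bbbb2222"},
    "logged_out": {"X-Xsrf-Protection": "aaaa1111"},
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(f"{name:13} -> {check_xsrf(request)}")
```

Logging the "mismatch" and "no-header" outcomes separately lets an operator tell a client that sent an outdated value from a request that carried no token at all.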
This issue has been filed against UCS 4.3. UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
Reopen → happened again at a school customer
(In reply to Sönke Schwardt-Krummrich from comment #6)
> Reopen → happened again at a school customer

Which UCS version?