"Missing or invalid form token"

[Dave Abrahams <dave@…>]

Whenever I try to accept a ticket, I get "Missing or invalid form token. Do you have cookies enabled?"

I do have cookies enabled.

Some hacked in tracing reveals that req.args.get('__FORM_TOKEN') is None and in fact req.args contains only {'id': u'83'} (83 is the ticket number)

[eblot]

Which browser are you using?

Did you check the DB for similar issues?

[Dave Abrahams <dave@…>]

Firefox 2.0, and no, sorry, I didn't check. I assumed it was a new thing. Looking around, there are several similar: #4560, #4084, #4979 are the open ones.

[Dave Abrahams <dave@…>]

Interestingly, I just got the same message when trying to submit this ticket. I thought it was an 0.11-specific issue, but I guess not.

[Dave Abrahams <dave@…>]

This is actually a different problem entirely. trachacks:TracForgePlugin is eating up all my POST data. We plan to submit a separate ticket with a patch to Trac that makes this less likely to be a problem. The fix to Tracforge is more complicated, we think.

[eblot]

Ok, I thought it was an authentication issue with Safari, but even without authenticating on t.e.o. I bumped into this issue without even being authenticated (I got used to get it: about once out of 3 or 4 tries when I add a comment on t.e.o.)

There's definitely something wrong with cookie management.

I'm not sure how to reproduce this error, but it bites me too many times a week on t.e.o.
A typical way to trigger the error on t.e.o. (but not 100% reproducible):

1. to browse t.e.o. not being logged,
2. type some comments into a ticket
3. log in (I always forget to log in...)
4. re-type the comments
5. submit or preview

This is likely to trigger the error with the latest (3.1.1 and previous) releases of Safari on Mac.

Once the first error occurrence is circumvented and as long as Safari runs, the error does not seem to appear anymore.

[Dave Abrahams <dave@…>]

FWIW, this problem is not Safari-specific; I was using FireFox? all the times when I saw it.

[cboos]

check

[cboos]

Steps to reproduce:

• edit a ticket as anonymous, preview to comment, keep the tab opened
• in another tab, log in that Trac
• back to the first tab, Submit

The above procedure worked when using FF3 (the above "check") comment:8, but produced a Missing or invalid form token error when using Safari 3.1.2.

[cboos]

check (FF 2.0.0.14)

[cboos]

check (opera 9.51)

[cboos]

Same issue with Opera 9.27, and ie7. It apparently didn't happen with FF 2 and Opera 9.51 (comment:10 and comment:11).

[cboos]

Though it appears to be browser specific, there's maybe something that can be done about this (no idea what at this point).

I'm tentatively scheduling this for 0.11.1 so it doesn't get lost.

[cboos]

check again (safari 3.1.2)

[cboos]

Ok, did some further testing, it's not browser specific it seems. The steps described in comment:8 work in safari if we start with the anonymous status obtained after a logout (i.e. we were previously logged in). And that's the situation I had when I tried with FF 3.0. If instead of simply logging out before repeating the steps, I actually exit the program and start fresh, then I also have the issue with Firefox.

[jonas]

This was caused by the cookie path attribute incorrectly being set to instead of '/' for top level trac installations. This led to multiple form_token cookies to be created under certain circumstances causing the cookie validation to fail.

Fixed in [7386].

[cboos]

Hey jonas, WikiFormatting#FontStyles :-)

... and of course, congrats for this fix! I had no clue about what could be the cause.

[anonymous]

I am still getting this issue in [7450]

[anonymous]

You have to reopen it for the next milestone

[jonas]

Replying to anonymous:

I am still getting this issue in [7450]

We'll need some more information on how to reproduce this. As far as I can recall I've never seen this since [7386].

Do you have any reliable way to reproduce this?

[dave@…]

For the record, the anonymous poster is not me (the original reporter). It's been working for me.

[cboos]

Since "anonymous" from 2 months ago didn't provide us with the requested additional information, and it's working fine for the original poster (and the rest of us on this Trac), I think we can close it again.

If someone really still has that issue with Trac >= 0.11.1, please re-read the whole ticket and provide us with:

• detailed information about your cookies
• a recipe for reproducing the problem