Omeka S post install CSRF error

Hey Omeka folks,

I’m wrestling with an S install, and after I do the initial /admin form population – which certainly appears to work – when I then am redirected to the /login page I get the following error after entering information:

“CSRF: Invalid or missing CSRF token”

A similar case appears here, but with a slightly different (still CSRF related) error message and, as far as I can tell, my session.save_handler is set to files. I am not much of a web person, but I did manage to get the developer’s console to work in Firefox and there does not appear to be a cookie being set at all.

Any ideas on where to go from here?

My setup:
Ubuntu 18.04 LTS
Apache 2.4.29
PHP 7.2
Omeka-S 2.1.0

There’s no cookie? That would definitely account for the login not working.

My first guess would be that you have some interesting session setting for PHP somewhere. You looked at session.save_handler, can you show us all the session. settings for your server? A screenshot of the “session” section of phpinfo() would be one easy way.

Double-checking on the cookie front: when you just visit, but don’t fill in, the login page, and you check the console under Storage -> Cookies, there’s nothing listed? Omeka S will pretty much always try to assign you a session cookie, so you should have 1 cookie with a random-looking name listed there.

Hello jflatnes, thank you for the prompt reply!

Oddly, now there are cookies in the web console. Still the same error though. Attached is my session settings.

Those settings look normal, so I guess that’s not the issue.

You’re describing a pretty “normal” setup: I’m not aware of any typical issues or “gotchas” for the normal setup of Ubuntu that cause session storage issues. Are you aware of anything non-standard about your server setup?

That cookie you’re now seeing: if you reload the page, are you getting the same cookie (both the name and value should be remaining constant as you reload). If it changes every time, what’s probably happening is that the server isn’t able to save the session. You could also check your Apache (or PHP-FPM, if you’re using FPM rather than mod_php) logs to see if there’s any session-related errors being reported.

I also forgot, just to rule it out: does the problem persist if you use a different browser?

I tried both Firefox and Google Chrome, so yeah, I don’t think it’s a browser issue. I’ll poke around some and report back. Thanks so much for your help!

also, afaik, there’s nothing weird about my setup (other than it being a VM behind a proxy). Standard Ubuntu.

The only thing that would immediately come to mind related to that setup would be some issue with the proxy dropping the cookie in one direction or another, something along those lines.