Hello,
With increasing frequency and no discernible pattern, we have been encountering the error “CSRF: Invalid or missing CSRF token” when trying to save changes to an item. As others have reported, we lose the intended changes and have to reconstruct them every time it happens. Usually it gets worse towards the end of the working day. We have tried all sorts of solutions: using a private browser window, being disciplined about not working in multiple tabs, increasing the session timeout settings, clearing cookies. It happens when we have been working continuously, so it’s not being caused by long idle periods. Does anyone have any ideas about what to try next?
Thanks in advance.
This error will happen when the user leaves the form open longer than the CSRF token expiration. But you say it’s not being caused by long idle periods. What version of Omeka S are you using? In version 4.1.0 we bumped the token expiration from 1 hour to 12 hours.
Hi Jim, thanks for your response and sorry for my very slow reply.
We are using Omeka S version 4.0.4. Do you think the shorter token expiration is a likely cause for the problem? We have a lot of fields in our resource templates and so we spend a lot of time with the editing form open - and we also risk losing inserted data when the CSRF token error appears. We’ve taken to saving after every change but it’s still causing a lot of frustration.
If you think upgrading will help we’ll do the upgrade to 4.1.0 as soon as possible.