My process is very simple; the user logs in with the login form. The login form makes a message and defines @Html.AntiForgeryToken. On the server, the action method defines [ValidateAntiForgeryToken]to verify the provided token. This is the standard logic for setting up a microsoft account login, and this has been slightly changed.
The following is an error that some users receive:
anti-counterfeit token is for the user ", but the current user is" Username "
And prevents users from logging in. This only happens to some users on certain mobile devices, so it is very isolated. In addition, it is simple as soon as the login; these are not any postal operations after I saw in other posts on this issue, so this is a very strange problem to solve.
Any idea why some mobile devices reject this?
source
share