I have an ASP.Net MVC web application running in production using forms authentication. From time to time, I get the following error when trying to log in:
System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery cookie token and form field token do not match. at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens (HttpContextBase httpContext, IIdentity ID, AntiForgeryToken sessionToken, AntiForgeryTokenToken field. InvokeAuthorizationFilters (ControllerContext controlContext, IList`1, ActionDescriptor actionDescriptor) at System.Web.Mvc.Async.AsyncControllerActionInvoker <. > C__DisplayClass21.b__19 (AsyncCallback asyncCallback, Object asyncState)
The user tries several times, then closes the browser, goes back to the application and tries to log in again, and then it works.
I'm trying, but I just can't reproduce this problem so that I can figure it out. I thought that perhaps the user bookmarked the login screen, and somehow the browser caches the "old" token with this bookmark. But I also tried this approach, and navigating to the login screen from a bookmark works fine in our tests.
I found a few questions that could fix the problem, but if I cannot replicate the problem during the development process, I cannot know whether any of the proposed fixes work.
Any ideas on how I could try to replicate this?