403 Message: CSRF Token

Modified on Mon, 26 Aug, 2024 at 8:11 PM


A CSRF (cross-site request forgery) token is a secure, random token used to prevent CSRF attacks. The token is a large random value that is difficult to guess and unique per user session. isofy is a CSRF-secure application that assigns a unique CSRF token for every unique user session.



Occasionally, this means that users will receive this message if there is a token conflict. Typically, this message appears when you open a tab without logging in, then open another tab and log in from there. When you return to the first tab and try to log in again, you will encounter a CSRF token error. This occurs because the first tab generates a CSRF token that remains unused since no login has taken place. Meanwhile, logging in from the second tab generates a new CSRF token, which is then used for the login. This action invalidates the token in the first tab, causing a 403 CSRF message when you attempt to log in from that tab.



This behavior is expected due to proper implementation of CSRF token invalidation. When a token is used in one tab, any previous tokens are invalidated to maintain security, which is why the first tab encounters a 403 message.



To make the 403 message disappear, simply refresh the tab you are trying to log in on. This refreshes the CSRF token and ensures you are using the most recent token for your session.
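A minimal server-side model of the two-tab sequence described above, added here as an illustration. It is not isofy's code: the single-token-per-session design and the names `Session`, `render_login_page` and `submit_login` are assumptions.

```python
import hmac
import secrets


class Session:
    """Server-side state for one browser session (all tabs share its cookie)."""

    def __init__(self):
        self.csrf_token = None
        self.user = None


def render_login_page(session):
    """Loading or refreshing the page issues a fresh token, replacing the old one."""
    session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token  # embedded in the form as a hidden field


def submit_login(session, form_token, user):
    """Return the HTTP status for a login POST carrying form_token."""
    current = session.csrf_token
    # Constant-time comparison avoids leaking token bytes through timing.
    if current is None or not hmac.compare_digest(current, form_token):
        return 403  # stale or missing token: the 403 CSRF message
    session.user = user
    # Rotate on use so no token stays valid across the login boundary.
    session.csrf_token = secrets.token_urlsafe(32)
    return 200


def two_tab_scenario():
    """Replay the sequence from the article with constructed inputs."""
    session = Session()                      # one cookie, shared by both tabs
    tab1_token = render_login_page(session)  # tab 1 opened, no login yet
    tab2_token = render_login_page(session)  # tab 2 opened: tab 1's token replaced
    results = [submit_login(session, tab2_token, "alice")]      # login from tab 2
    results.append(submit_login(session, tab1_token, "alice"))  # stale tab 1 form
    tab1_token = render_login_page(session)  # refresh tab 1 to get the current token
    results.append(submit_login(session, tab1_token, "alice"))  # retry after refresh
    return results


if __name__ == "__main__":
    print(two_tab_scenario())
```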
