CakeDC / users

Users Plugin for CakePHP
https://www.cakedc.com

Unsuccessful Login - Reset Password - CSRF Wiped Out #963

Closed emailmebp closed 2 years ago

emailmebp commented 3 years ago

We have two forms:

- Login Form
- Reset Password (enter email form)

When you have an unsuccessful login, like when the identity is not found because you put in a wrong password, the hidden input with the CSRF token is wiped out.

When the user enters their email to request a reset, it errors out as a result of the wiped out CSRF.

Is this an issue with the plugin or is this an application specific issue?

rochamarcelo commented 3 years ago

Hi,

It seems to be something related to the session. Have you checked whether your code is removing session or cookie data?

aengblom commented 3 years ago

In this particular situation, it is not removing the PHP session or the cookie data. The actual hidden _csrfToken input disappears from all the forms on the page. If you inspect the forms, this div is no longer there:

<div style="display:none;">
  <input type="hidden" name="_csrfToken" autocomplete="off" value="somecsrfvalueblablabla">
</div>
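A way to pin the symptom down before deciding whether it is the plugin or the app: an integration test that performs a failed login and asserts the hidden `_csrfToken` input is still in the re-rendered page. This is an added example, not code from the thread or from the CakeDC/users plugin. It assumes a CakePHP 4 app with `CsrfProtectionMiddleware` in the middleware stack and the plugin's default `/login` route with `username`/`password` fields; the credentials are constructed and match no user.

```php
<?php
declare(strict_types=1);

namespace App\Test\TestCase\Controller;

use Cake\TestSuite\IntegrationTestTrait;
use Cake\TestSuite\TestCase;

/**
 * Regression test for the symptom in the report: after a failed login the
 * page must still carry the hidden _csrfToken input, otherwise the next
 * POST (e.g. the reset-password request) fails the CSRF check.
 *
 * Assumptions (not from the thread): CakePHP 4, CsrfProtectionMiddleware
 * enabled, login served at /login (CakeDC/users default route).
 */
class LoginCsrfTokenTest extends TestCase
{
    use IntegrationTestTrait;

    public function testFailedLoginKeepsCsrfTokenInForm(): void
    {
        // Let the harness add a valid CSRF token to the POST so the
        // middleware accepts the request and the controller code runs.
        $this->enableCsrfToken();

        // Constructed credentials that match no user, so identity lookup fails.
        $this->post('/login', [
            'username' => 'nobody@example.com',
            'password' => 'definitely-wrong',
        ]);

        // Assumes a failed login re-renders the form instead of redirecting.
        // If your app redirects on failure, follow it with $this->get(...)
        // and run the same assertions on that response.
        $this->assertResponseOk();

        // The exact input the report says vanished. FormHelper only emits it
        // when the request still carries the csrfToken attribute set by the
        // middleware, so a missing field means that attribute was dropped
        // somewhere between the middleware and the view.
        $this->assertResponseContains('name="_csrfToken"');
        $this->assertResponseNotContains('value=""');
    }
}
```

If this test passes against a fresh app with only the plugin installed but fails in yours, the difference is in your application code (for example, anything that builds a new request or response object in the failed-login path), which is consistent with the thread's conclusion.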

aengblom commented 2 years ago

This issue was specific to our app. This issue can be closed. Thanks!