Closed emailmebp closed 2 years ago
Hi,
It seems to be something related to session, have you checked if your code is removing session or cookie data?
In this particular situation, it is not removing the php session or the cookie data. The actual hidden _csrfToken input disappears from all the forms on the page. If you inspect the forms, this div is no longer there:
<div style="display:none;">
<input type="hidden" name="_csrfToken" autocomplete="off" value="somecsrfvalueblablabla">
</div>
This issue was specific to our app. This issue can be closed. Thanks!
We have two forms:
Login Form Reset Password (enter email form).
When you have an unsuccessful login, like when the identity is not found when you put in a wrong password, the hidden input with the csrf is wiped out.
When the user enters their email to request a reset, it errors out as a result of the wiped out CSRF.
Is this an issue with the plugin or is this an application specific issue?