born05 / craft-twofactorauthentication

Craft plugin for two-factor or two-step login using Time Based OTP.
MIT License

Front end CSRF failing #84

Closed stolat closed 7 months ago

stolat commented 1 year ago

Craft 3.9.1 Two-Factor 2.11.1 PHP 7.4.3

Front-end login-verify.twig is failing CSRF validation. When I debug `yii2/web/Request validateCsrfTokenInternal` I see the following:

```
clientSuppliedToken = UglEXeYcWM7KEkoWANNe9E_QCY5iefnZee8HnV20gzHqfUd_g0aOY6FNDjL-gscsBOTZt03c9RuL9S5lu-yCEaQn5Pl3Ua1blyhjDvtTNDTP8hIFf4wrBldoEK5KjJLJ63BGvin3iZ25xBKuoTqBM0zn2Y83HUz0wL6SaqsVSIG9szFqox_Hu64nlrjEgWGeajDeAEwqDJ9YDr2TUS1UQrc8oCCfcNsYAcqqFdh0yhSAx2KgDnNN1xntEd0sO1DJ4fccPILt0nXtkX27lh0E2N3nIsBEhcFHaZ1p9h9aNs1nAlCqk3RmHeoYNjYLIJt66ab7jkR-2xvGvarbllfA8EPFZT--muh1XyiWlNHdE_5vMLLO3wYZ9Fbz__1t5Yz21T79GEzv

trueToken = 40q09y63Al7SXpfP8IsguFCZxStnxOz5U7mT8dHKnJVnFnDcIv_DXbEP2qZX81Qtix3wjbLvQuw_1rx-Hbzfij-O4KaY_tjGLWVE7nagoC8=
```

Backend 2FA is working fine. All other front-end forms are working with csrf.

Front-end login-verify.twig is:

```twig
{# the opening <form> and <div> tags did not survive the paste; they are assumed here so the markup is well-formed #}
<form method="post" accept-charset="UTF-8">
    <div>
        {{ csrfInput() }}
        {{ actionInput('two-factor-authentication/verify/login-process') }}

        {% if errorMessage is defined %}
            {{ errorMessage }}
        {% endif %}
    </div>
</form>
```

kasnol commented 1 year ago

I suspect the same failure on the CSRF check during backend login; I received error 400 when authenticating the 2FA. When I disabled the plugin it worked all right.

Craft 4.5.3 Solo Two-Factor 3.3.1 PHP 8.0.30 nginx/1.22.1


lenvanessen commented 1 year ago

Can confirm the CSRF validation is failing for the back-end as well. Users can't log in.

roelvanhintum commented 1 year ago

This is usually caused by either cookie settings, session settings (like userSessionDuration or session.cookie_lifetime) or the session store, like in #64. There are just too many options to figure this out without debugging on your environment.

Probably the same as #83 and #76.
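To see why a well-formed form token can still fail the comparison above, here is an added Python re-implementation of the check (not code from Craft, Yii or this plugin; it assumes Yii2's `Security::maskToken`/`unmaskToken` and `Request::validateCsrfTokenInternal` work as described in the comments, and the session token bytes are constructed). The form value is the session token XORed with a fresh random mask, so it only validates against the token the session still holds; if the session or cookie was recreated between rendering the form and posting it, the comparison fails even though both values look valid.

```python
import base64
import secrets


def b64url_encode(raw: bytes) -> str:
    # Yii's StringHelper::base64UrlEncode: URL-safe alphabet, '=' padding stripped
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mask_token(token: bytes) -> str:
    # Security::maskToken: random mask of equal length, output is mask || (mask XOR token).
    # Each csrfInput() render therefore emits a different string for the same token.
    mask = secrets.token_bytes(len(token))
    return b64url_encode(mask + bytes(m ^ t for m, t in zip(mask, token)))


def unmask_token(masked: str) -> bytes:
    # Security::unmaskToken: split the decoded value in half and XOR the halves.
    decoded = b64url_decode(masked)
    if len(decoded) % 2:          # odd length cannot be mask || masked-token
        return b""
    half = len(decoded) // 2
    return bytes(m ^ x for m, x in zip(decoded[:half], decoded[half:]))


def validate_csrf(client_supplied: str, true_token: str) -> bool:
    # validateCsrfTokenInternal: compare the unmasked form value with the unmasked
    # token the session currently holds. Rejecting an empty unmask is this example's
    # own defensive addition.
    unmasked = unmask_token(client_supplied)
    return bool(unmasked) and unmasked == unmask_token(true_token)


def demo() -> dict:
    session_token = secrets.token_bytes(32)      # constructed: raw token stored for the session
    form_value = mask_token(session_token)       # what csrfInput() wrote into login-verify.twig
    true_token = mask_token(session_token)       # what the request reloads: new mask, same token
    # Failure mode from this thread: the session (and its token) was recreated before
    # the POST arrived, so the stored token no longer matches the one in the form.
    rotated = mask_token(secrets.token_bytes(32))
    return {
        "same_session": validate_csrf(form_value, true_token),
        "rotated_session": validate_csrf(form_value, rotated),
        "masked_values_differ": form_value != true_token,
    }
```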

encaps commented 1 year ago

For me the problem was that I had the debug toolbar enabled for my account, and that prevented me from logging in with 2FA. So I disabled 2FA, turned off my debug toolbar and re-enabled 2FA...

Hope it helps someone...