search

ryancramerdesign / ProcessWire

Our repository has moved to https://github.com/processwire – please head there for the latest version.
https://processwire.com
Other
727 stars 199 forks source link

2.5.13 - Request appears to be forged #850

Closed mikerockett closed 9 years ago

mikerockett commented 9 years ago

My steps to reproduce:

  1. Create user from superuser account.
  2. Assign new 'user' role
  3. Sign out
  4. Sign in as new user - error shows
  5. Refresh page
  6. Sign in as new user - works
  7. Sign out
  8. Sign in as superuser - error shows
  9. Refresh page
  10. Sign in as superuser - works

Could this be a timing issue?

ryancramerdesign commented 9 years ago

I can't duplicate this one locally. I'm not seeing any errors. However, the way you describe it it sounds like a browser caching issue. I would guess you are getting a browser cached login form on step 4 and 8 that contains CSRF tokens from a previous request. What version of PW, and what browser?

mikerockett commented 9 years ago

Hi Ryan - it's 2.5.13, and I tested it with Opera. However, it doesn't seem to be doing it anymore. And nothing in the browser itself has changed - no upgrades, no extensions, zip.

I'm going to close this for now - if it happens again, I'll re-open.