Password prompt while browsing or error while uploading assets

[rrelmy]

Describe the bug While browsing the asset library it can happen to show a password prompt just by changing the directory.

Also it can happen to show an "Unauthorized" error when a file is being uploaded.

TLDR: For me it looks like the amount of requests to /cp/assets/thumbnails/... to show thumbnails set a lot of cookies with different xsrf tokens which leads to session "corruption" (UI having outdated xsrf token)

To Reproduce Steps to reproduce the behavior:

1. Go to 'Assets'
2. Click on a directory
3. Maybe go back to the parent directory
4. See prompt asking for the password

It helps to have a lot of images in the directories.

Expected behavior It just works without asking for the password.

Environment details (please complete the following information):

• Statamic Version 2.11.21
• OS: Ubuntu 18.04
• Browser: Chrome
• Web Server: nginx
• PHP Version: 7.2
• Addons installed: some

Additional context

Prompt during browse is caused by an error on the POST /cp/assets/browse request.

{
  "exception":"TokenMismatchException",
  "redirect":"https:\/\/---redacted---\/cp\/auth\/login?expired=1&referer=%2Fcp%2Fassets%2Fbrowse%2Fimg"
}

[joshuablum]

Hey @rrelmy,

This came up with another install again. Could you try changing your session driver to cookie and let us know if this continues to happen? In your .env file, change SESSION _DRIVER=file to SESSION DRIVER=cookie