Closed vvilaplana closed 3 months ago
It is unclear if you are running Mokey with SSL? Secure cookies will not be possible without SSL.
Do you have the following set with a valid certificate and key in the [server] section?
ssl_cert = "/path/to/my/cert.pem"
ssl_key = "/path/to/my/key.pem"
Spot on! It's not clearly mentioned in the doc, so I thought CSRF was unrelated to the cert. Cheers!
Version:
mokey-0.6.4-amd64.rpm
OS:
Red Hat Enterprise Linux release 9.4 (Plow)
Configuration:
My /etc/mokey/mokey.toml:
Issue description:
I get the mokey login form asking for a user, but whatever I enter, I get the error "Your session timed out. Please try logging in again". It looks CSRF-related, because the mokey logs show this:
Things I tried to no avail:
Workaround:
The only way to fix this is by configuring
secure_cookies = false
in the [server] section of mokey.toml, but this is not an acceptable solution for a production environment.
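The behaviour discussed in this thread, as an added example that is not Mokey's own code: a cookie marked Secure is stored by the client but never sent back over plain HTTP, so a cookie-backed CSRF check rejects the login POST until the site is served over TLS. The handler, the cookie name `csrf`, the token value and the host `mokey.example.test` are constructed assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"net/url"
)

// handler mimics a cookie-backed CSRF check (assumed design, not Mokey's code):
// GET issues the token in a cookie, POST requires that cookie to come back.
func handler(secure bool) http.Handler {
	const token = "constructed-csrf-token"
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet {
			http.SetCookie(w, &http.Cookie{Name: "csrf", Value: token, Path: "/", Secure: secure, HttpOnly: true})
			return
		}
		c, err := r.Cookie("csrf")
		if err != nil || c.Value != token {
			http.Error(w, "session timed out", http.StatusForbidden)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

// LoginStatus loads the form, posts it back through a cookie jar that follows
// the browser rule for Secure cookies, and returns the POST status code.
func LoginStatus(scheme string, secureCookies bool) int {
	u := &url.URL{Scheme: scheme, Host: "mokey.example.test", Path: "/"}
	jar, _ := cookiejar.New(nil) // nil options: default jar
	h := handler(secureCookies)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, u.String(), nil))
	jar.SetCookies(u, rec.Result().Cookies())
	post := httptest.NewRequest(http.MethodPost, u.String(), nil)
	for _, c := range jar.Cookies(u) { // Secure cookies are released only for https
		post.AddCookie(c)
	}
	rec = httptest.NewRecorder()
	h.ServeHTTP(rec, post)
	return rec.Code
}

func main() {
	fmt.Println(LoginStatus("http", true), LoginStatus("https", true), LoginStatus("http", false))
}
```

The first case matches the reported symptom, the second matches the fix of setting ssl_cert and ssl_key, and the third matches the secure_cookies = false workaround.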