What is 'CSRF invalidation error' or 'CSRF token is invalid'?
Cross-Site Request Forgery (CSRF) is an attack that forces a user to execute unwanted actions on a website by way of state-changing requests.
'CSRF invalidation error' or 'CSRF token is invalid' occurs when a page has been open in the browser for a long time and a request to change or save data is then sent without refreshing the page. The token acts as a session validator and serves to protect against forged data.
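An added example, not Affise's code: a minimal session-bound token check that uses the 1,440-second lifetime stated in this article, showing why a save request from a long-open page is rejected and why a reloaded page succeeds. The HMAC scheme, the signing key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_LIFETIME = 1440  # seconds (24 minutes), the lifetime stated in this article
SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment signing secret


def _sign(session_id, issued_at):
    """MAC over the session id and issue time (hypothetical token format)."""
    msg = f"{session_id}|{issued_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Token embedded in the form at the moment the page is rendered."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(session_id, issued_at)}"


def check_token(token, session_id, now=None):
    """Return 'ok' or the reason a state-changing request is rejected."""
    now = time.time() if now is None else now
    try:
        issued_raw, mac = token.split(".", 1)
        issued_at = int(issued_raw)
    except ValueError:
        return "malformed"
    # Constant-time comparison. Fails for a forged token and for a token
    # issued under a different session (e.g. the session cookie changed).
    expected = _sign(session_id, issued_at)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "invalid"
    if now - issued_at > TOKEN_LIFETIME:
        return "expired"  # the page stayed open longer than the lifetime
    return "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp: page load
    stale = issue_token("session-A", now=t0)
    print("saved after 10 min:", check_token(stale, "session-A", now=t0 + 600))
    print("saved after 24 min + 1 s:", check_token(stale, "session-A", now=t0 + 1441))
    print("session cookie replaced:", check_token(stale, "session-B", now=t0 + 600))
    fresh = issue_token("session-A", now=t0 + 1441)  # page reloaded
    print("saved after reload:", check_token(fresh, "session-A", now=t0 + 1500))
```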
What can you do about the error?
The first thing to try is to refresh the page and avoid keeping it open too long: the lifetime of a token is 1,440 seconds, which is equivalent to 24 minutes.
In Safari:
- Open Safari Preferences from the drop-down menu in the upper right corner or through the Cmd + comma (⌘ + ,) shortcut.
- Click the Privacy tab and make sure that "Cookies and website data" is set to either "Always allow" or "Allow from websites I visit".
- Click on the Manage Website Data button to see all locally stored website data.
- Search for your Affise domain (e.g., offers-rocketcompany.affise.com) and remove all related entries.
- Reload Safari and try to log in again.
In Chrome:
- Open Chrome Settings.
- Scroll to the bottom and click on Advanced.
- In the 'Privacy and security' section, click the 'Cookies and site data' button.
- Click on Cookies.
- Under All cookies and site data, search for your Affise domain, and delete all related entries.
- Reload Chrome and try to log in again.
In Firefox:
- Go to Firefox's Preferences > Privacy & Security menu.
- In the History section, select "Use custom settings for history" from the drop-down menu.
- Click on Exceptions and whitelist your Affise domain (e.g., offers-rocketcompany.affise.com).
- Scroll down to Site Data and click on Settings next to it.
- Search for your Affise domain and remove all shown entries.
- Reload Firefox and try to log in or sign up again.
If you still have questions about the CSRF invalidation error, feel free to send them to the Affise Support Team via email@example.com or your internal live chat, or contact your dedicated Account Manager.
Written by Anastasia Deryugina