My understanding about CSRF Tokens is fairly limited. My understanding is that osTicket uses cookies to push a token to the client (web browser) with each authentication form. When someone enters their username and password to log in, it sends the username, password, and token back to the server. The server then compares the three with what it has. When the CSRF token doesn't match, it assumes (usually rightly) that the login attempt is an attack and fails the login.
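The flow described above, sketched as an added example that is not part of the original post and is not osTicket's own code: a generic login handler that checks a per-form CSRF token before it looks at the credentials. The function names, the in-memory session store, the 15-minute lifetime and the single-use policy are all assumptions made for illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL = 900  # seconds a login form stays valid (assumed value)

# Server-side store: session id -> (csrf token, issue time). Hypothetical.
SESSIONS = {}
# Constructed credentials for the demo; a real system stores password hashes.
USERS = {"agent": "correct horse"}


def render_login_form(now=None):
    """Create a pre-login session and the token that goes out with the form."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = (token, now)
    # session_id travels in the cookie, token in a hidden form field.
    return session_id, token


def handle_login(session_id, username, password, token, now=None):
    """Validate the CSRF token first, then the username and password."""
    now = time.time() if now is None else now
    stored = SESSIONS.get(session_id)
    if stored is None:
        return "csrf_rejected"  # no such session: cookie missing or unknown
    expected, issued = stored
    if now - issued > TOKEN_TTL:
        del SESSIONS[session_id]
        return "csrf_rejected"  # the form was issued too long ago
    # Constant-time comparison so timing does not reveal matching bytes.
    if not hmac.compare_digest(expected.encode(), str(token).encode()):
        return "csrf_rejected"
    del SESSIONS[session_id]  # single use: a replayed form is refused
    known = USERS.get(username)
    if known is None or not hmac.compare_digest(known.encode(), password.encode()):
        return "bad_credentials"
    return "ok"
```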