CSRF Login Issue Solution

  • I've read about a few people on IRC and on these forums who have this issue, where they get a message saying:

    CSRF check failed. Your form session may have expired, or you may not have cookies enabled.

    And they all say the same thing: it doesn't happen when they run Chrome in incognito mode. I also had this problem, so I decided to figure out what the issue was, and I have found the reason for it occurring.

    If you use LastPass, 1Password or another browser-based automatic login filler which overrides the input method of your browser, and you set up a login before you upgraded to the latest version of pfSense, the Username and Password forms which these plugins try to insert your Username and Password into have changed names (in pfSense 2.2.x -> 2.3.x).

    The solution is simple: back up your username and password, erase the entries in your password manager (the forms it looks for) and create new generic ones just called username and password. Now when you log in using your password manager you won't have the CSRF error message, etc.

    I hope this is helpful to someone. After looking at a lot of threads on this error, no one seems to have posted a solution yet, but I was able to replicate the problem and find this solution with some time yesterday.
