2 logins to get on the webif



  • I have to enter lots of times twice my login, because i get this:

    CSRF check failed. Either your session has expired, this page has been inactive too long, or you need to enable cookies.
    Debug: sid:50a4fc00465fa06c0b2b346497b5a4b7d9779450,1303056141
    

    This happens on autologout and when i reload my browser and do not login at the same time when the login-page loads. Its somewhat annoying. Is there any way to bypass that?

    Happens too if any page is opened and i want to get a new tab or want to change to an other page on the webif after a "long" time. Then i get the login-page but after login this message and i have to login another time. I think that this messages should not appear after a fresh login.


  • Rebel Alliance Developer Netgate

    It's a security protection, so someone can't steal your old session.

    Though I haven't seen this happen lately myself. If I leave it sit for a long time it just takes me back to the login page. though it's rare that I hit the auto logout timer in a given browser session so I may just not be replicating your same circumstances.



  • Ok, that sounds ok for me, but when i get popped to the login-page, it should not occur that i have to login twice! And this is the fact which disturbs a bit. shouldn't the cookie be deleted or rewritten upon login to avoid that?

    I can replicate that very simple: stay at any of the services-page, wait a time, then press "save": You get your first message and jump to the login-page. Then login and you'll get the second message and again jump to login. Then, after the second login you can do whatever you want to do.


  • Rebel Alliance Developer Netgate

    That is probably a side effect of your first action after the timeout being a POST, and tripping the CSRF protection. There may not be a good way around that one, though I'm not sure why it makes you login twice.


Locked