Netgate Discussion Forum

    CSRF check failed

    General pfSense Questions
    • cfapress

      I have one router, out of six, that I'm no longer able to manage via any web browser from any computer.

      I can reach the logon page.
      I can enter the proper credentials.
      I can see the logfile (via SSH) indicating a successful logon.

      But I get this error message in the web browser:
      CSRF check failed. Either your session has expired, this page has been inactive too long, or you need to enable cookies.
      Debug: sid:3e4291d5d94633c94ad861de77df0db56fa6b170,1415811475;ip:59e15b3178853af2e712161bf6a5868953a2351a,1415811475

      This appears from any web browser (IE or Chrome have been tested) from any computer. Clearing cache in the web browser makes no difference. Restarting the pfSense box makes no difference.

      I'm at the point where I may need to wipe and rebuild the router.

      Before I do that … is there anything I can modify via an SSH connection that will clear up this problem?

      Thanks,
      Jason

      • phil.davis

        How are you trying to reach it?
        I thought that if you used its actual IP address in the browser bar then there is no possibility of CSRF problems.
        See cmb comments below for more accurate advice.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • charliem

          @cfapress:

          Clearing cache in the web browser makes no difference.

          Will this also delete cookies?  I'm not sure it does; it may be browser dependent.  Try to manually delete all cookies associated to that IP, or at least verify that clearing the cache has cleared the cookies too.  I've seen that a few times and deleting the cookies has worked for me.

          One other thing to check would be time/date synchronization between the client and pfSense.  No idea if that applies here at all, but seeing as two of the three reasons given for failure involve time ('inactive too long' and 'session expired'), it can't hurt.

          • cmb

            Phil's thinking of DNS rebinding and HTTP REFERER checks. CSRF is different. There really isn't a way to break that, short of having edited the source code and breaking the CSRF protection in general. Since you can get to the console, re-applying the appropriate 2.1.5 update for your system may suffice, if the cause is having messed something up by changing the source. Time sync shouldn't matter there.

            • zebastian

              Hi guys, got this very same problem. But, found out the/a reason - seems to be a bug or something in the Dashboard Widget for Gateways.
              Yesterday I set up three different gateway groups (Multi wan), and suddenly I got this CSRF check failed thing. Well, after a while I managed to go directly to another page within the firewall gui, that is not index.php, and that worked. So, from there I went straight to System - Routing - Groups and deleted the gateway groups I made, and voila! Back to normal.

              Don't know if your problem got the same reason behind… but maybe?
