Authentication Failed: csrf cookie is missing or invalid

Started by icecream-guy, April 15, 2023, 07:27:15 AM

Previous topic - Next topic

icecream-guy

how to fix ?

I have a security service, Vivint, when I try to login and check my balance, I get Authentication Failed: csrf cookie is missing or invalid

I turned off ad blocker, script blocker, and permitted site cookies for this site in Chrome, still no good.
I have tried edge which worked in the past, pretty much default config, set to allow cookies for web site. no good.
i just downloaded Firefox, in default state was able to log into web site no issues.

I can resort to using Firefox, but would like to fix for Chrome/edge.  this issue will probably eventually affect Firefox too.
Thanks
 
:professorcat:

My Moral Fibers have been cut.

deanwebb

It may be an issue on the Vivint side, since you did the thing in Chrome that should have allowed CSRF cookies.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

Try private browsing mode in Chrome, and see if that works. If so then try clearing cookies and cache in Chrome. We have one product that we have to do this after every upgrade. For some reason the cookies get invalidated, and won't regen until they are wiped.

-Otanx

icecream-guy

#3
tried again today, none of the top 2 browsers  2 of which have undisturbed default configs, do not work, as well private browsing does not work either.

clearing cookies and cache. NL.
:professorcat:

My Moral Fibers have been cut.

icecream-guy

must be the bookmark, when I go to the home page and click on login, it all works.  rather than going directly to the login page.
:professorcat:

My Moral Fibers have been cut.

deanwebb

I've had odd stuff like that work for me, as well. My case was an old server that had broken TLS on its front page, but OK TLS on a side page. Go directly to the front page, no luck. Load the side page first, clear the self-signed cert error, get that to load, then the main page is good to go with a self-signed cert error.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.