[wp-meta] [Making WordPress.org] #4360: Trac throwing errors about missing or invalid form token/secure cookies on ticket updates
Making WordPress.org
noreply at wordpress.org
Thu Apr 4 07:19:45 UTC 2019
#4360: Trac throwing errors about missing or invalid form token/secure cookies on
ticket updates
---------------------------+-----------------------
Reporter: williampatton | Owner: dd32
Type: defect | Status: accepted
Priority: normal | Milestone:
Component: Trac | Resolution:
Keywords: |
---------------------------+-----------------------
Changes (by dd32):
* keywords: needs-testing needs-screenshots =>
* owner: (none) => dd32
* status: new => accepted
Old description:
> Trac has been directing people to an error page when they try to submit
> comments or updates to tickets. I first seen this problem mentioned on
> April 30th.
>
> The message reads `Missing or invalid form token. Secure cookies are
> enabled, you must use https to submit forms.`.
>
> The submissions are coming from pages that are https in the browser
> though and cookies are enabled.
New description:
Trac has been directing people to an error page when they try to submit
comments or updates to tickets. I first seen this problem mentioned on
March 30th.
The message reads `Missing or invalid form token. Secure cookies are
enabled, you must use https to submit forms.`.
The submissions are coming from pages that are https in the browser though
and cookies are enabled.
--
Comment:
We've started looking into this, and have tracked it down to a combination
of a Caching change about a week ago, and seemingly a Firefox issue with
mixed-content pages which causes the form token cookie to be reset more
often.
One of the sticking points is that Trac creates a session in it's DB (And
browser cookies) for every visitor, even if they're not logged in.. which
as you might expect, means it's not very cacheable. ''Thanks Trac!
We've got some config in place to allow Trac pages to be cached (ignoring
the cookies) but it's also affecting logged in users.
Stay tuned, we'll get this sorted.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/4360#comment:1>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list