User_1 gets an AntiforgeryValidationException because the XSRF-TOKEN cookie is changed/removed after User_2 logs in,
but the error message does not reflect the real situation...
Do you have any options for solving this problem?
Maybe change the error message, or log in User_1 with a logout of User_2?
- ABP Framework version: v4.3.3
- UI type: Angular
- DB provider: MongoDB
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace:
[15:36:39 INF] Route matched with {page = "/Account/Login", action = "", controller = "", area = ""}. Executing page /Account/Login
[15:36:39 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
[15:36:39 INF] Antiforgery token validation failed. The antiforgery cookie token and request token do not match.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery cookie token and request token do not match.
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
[15:36:39 INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.
[15:36:39 INF] Executing HttpStatusCodeResult, setting HTTP status code 400
[15:36:39 INF] Executed page /Account/Login in 142.0991ms
[15:36:39 INF] Executed endpoint '/Account/Login'
- Steps to reproduce the issue:
User 1 and User 2 try to log in in one browser
- User 1: Open Login page
- User 2: Open Login page, authorize and return to main site
- User 1: Try to authorize and get AntiforgeryValidationException error
Best regards, Advantiss Inc