Making WordPress.org

Opened 7 months ago

Last modified 3 months ago

#4360 accepted defect

Trac throwing errors about missing or invalid form token/secure cookies on ticket updates — at Version 1

Reported by: williampatton
Owned by: dd32
Milestone:
Priority: normal
Component: Trac
Keywords: pending-systems

Description (last modified by dd32)

Trac has been directing people to an error page when they try to submit comments or updates to tickets. I first saw this problem mentioned on March 30th.

The message reads "Missing or invalid form token. Secure cookies are enabled, you must use https to submit forms."

The submissions are coming from pages that are https in the browser though and cookies are enabled.

Change History (2)

7 months ago

Screenshot of the message on mobile

#1 @dd32
7 months ago

  • Description modified (diff)
  • Keywords needs-testing needs-screenshots removed
  • Owner set to dd32
  • Status changed from new to accepted

We've started looking into this, and have tracked it down to a combination of a Caching change about a week ago, and seemingly a Firefox issue with mixed-content pages which causes the form token cookie to be reset more often.

One of the sticking points is that Trac creates a session in its DB (and browser cookies) for every visitor, even if they're not logged in, which as you might expect, means it's not very cacheable. Thanks Trac!

We've got some config in place to allow Trac pages to be cached (ignoring the cookies) but it's also affecting logged-in users.

Stay tuned, we'll get this sorted.
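
The failure mode described in the comment above, as an added example that is not part of the ticket and is not Trac's code: a page cache that ignores cookies serves a form whose embedded token does not match the token cookie the browser holds, so the check on submit fails. The double-submit token model, the class names, the cookie names (`form_token`, `auth`) and the bypass rule are assumptions made for illustration.

```python
import secrets

class App:
    """Toy origin with a per-visitor form token (hypothetical model, not Trac's code)."""
    def render_form(self, cookies):
        # Issue a token cookie if the visitor has none, and embed it in the form.
        token = cookies.setdefault("form_token", secrets.token_hex(12))
        return {"hidden_token": token}

    def accept_post(self, cookies, hidden_token):
        # Accept only when the submitted field matches the visitor's cookie.
        cookie_token = cookies.get("form_token")
        return cookie_token is not None and secrets.compare_digest(
            cookie_token, hidden_token)

class Cache:
    """Page cache in front of the app; the cache key ignores cookies."""
    def __init__(self, app, bypass_cookie=None):
        self.app, self.bypass_cookie, self.store = app, bypass_cookie, {}

    def get(self, url, cookies):
        # Assumed mitigation: requests carrying this cookie always reach the origin.
        if self.bypass_cookie and self.bypass_cookie in cookies:
            return self.app.render_form(cookies)
        if url not in self.store:
            self.store[url] = self.app.render_form(cookies)
        return self.store[url]

def submit_after_visit(cache, app, url, first_visitor, second_visitor):
    """Return whether the second visitor's form submission is accepted."""
    cache.get(url, first_visitor)          # first visitor warms the cache
    page = cache.get(url, second_visitor)  # second visitor may get the cached form
    # A cache hit sets no cookie, so the origin sees only what the browser holds.
    return app.accept_post(second_visitor, page["hidden_token"])

def constructed_user():
    # Constructed sample cookies for a logged-in visitor with an existing token.
    return {"form_token": "b" * 24, "auth": "constructed-session"}

if __name__ == "__main__":
    app = App()
    print("cookies ignored:", submit_after_visit(
        Cache(app), app, "/ticket/1", {}, constructed_user()))
    print("bypass on auth cookie:", submit_after_visit(
        Cache(app, bypass_cookie="auth"), app, "/ticket/1", {}, constructed_user()))
```
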
