The required anti-forgery cookie is not present

Question

I keep seeing the error "The required anti-forgery cookie "__RequestVerificationToken_L3N0dWRlbnQ1" is not present." in my ELMAH logs but I cannot reproduce the error myself.

My controller action looks like this:

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult SignIn(LoginModel loginModel)

and my view looks like:

@using (Html.BeginForm("SignIn", "Home", "", FormMethod.Post, new { @class = "form-inline LoginForm" }))
{
    @Html.AntiForgeryToken()
    ...
}

The ELMAH log indicates the following form item was posted:

<form>
   <item name="__RequestVerificationToken">
      <value string="UjQsZ1QB4ryA-e0RleFb7f0ORB9QPbsJrzoXn6D8XiqN9CEGysiVC94Ark4FnAFfx3C2eAG5KhAiVlP8nob8xkCg2k_8oUyLYwDmR39qu8g1"/>
   </item>
   ...
</form>

however the only cookie present was the ASP.NET Session cookie

<cookies>
   <item name="ASP.NET_SessionId">
      <value string="d4rlkdgp1ot2gpcmjtirfym1"/>
   </item>
</cookies>

I also noticed that there is a query string value in the post which I did not explicitly set.

<queryString>
   <item name="Length">
      <value string="0"/>
   </item>
</queryString>

Any ideas?

Answer 1

This problem was only occurring on mobile devices because the last page visited in the browser was cached (but without the anti-forgery cookie). I added the necessary code to prevent the browser from caching the page and the problem was resolved.