doogdeb
Reputation: 403
MVC 2 Antiforgerytoken session issue
I've implemented the antiforgerytoken in my MVC 2 app.
I have also added a machine key in the web.config. When the session expires and I try and do a post it throws a A required anti-forgery token was not supplied or was invalid error.
It seems like the antiforgery token is expiring.
My question is
- Why is it throwing an error after session expiry?
- How long is the token valid for?
Upvotes: 2
Views: 1488
Answers (1)
LeftyX
Reputation: 35587
I've never experienced such problem and I am pretty sure that the AntiForgeryToken do not expire but I was reading here and it seems that someone has had your problem.
I do not use the machine key. I simply do something like this:
<% using(Html.Form("UserProfile", "SubmitUpdate")) { %>
<%= Html.AntiForgeryToken("AF-MyApp-token") %>
<!-- rest of form goes here -->
<% } %>
and server-side:
[ValidateAntiForgeryToken(Salt="AF-MyApp-token")]
public ViewResult SubmitUpdate()
{
// ... etc
}
Upvotes: 3
Related Questions
- How to make the AntiforgeryToken As Secure in ASP.net MVC
- AntiForgeryToken Error in ASP.NET MVC 5 app
- mvc 6 generates antiforgerytoken only once
- MVC AntiForgeryToken exception - Handle globally
- ASP.NET MVC5 Basic HTTP authentication and AntiForgeryToken exception
- How to pass through the AntiForgeryToken in MVC
- AntiForgeryToken invalid after sign in
- MVC3 AntiForgeryToken breaks on Ajax login
- MVC3 AntiForgeryToken Issue
- ASP.NET MVC AntiForgeryToken throwing its exception on GET?