This repository was archived by the owner on May 31, 2022. It is now read-only.

Possible CSRF detected - state parameter was required but no state could be found #822

Closed
Description

@baiyangliu

I can run oauth2 very well by default.
But it may produce an error "Possible CSRF detected - state parameter was required but no state could be found" when I put the tonr project in Tomcat ROOT.

Activity

dsyer (Contributor) commented on Sep 22, 2016

Probably the server and client are eating each other's cookies? They have to be on different hosts and/or paths to keep the cookies separate in the browser.

aiboogie commented on May 7, 2017

Sorry to reopen this discussion, but I still get this one, with different Tomcats, different hostnames and different app contexts.
Any advice? Is there a way to set stateMandatory to false from the Spring config?
Thanks in advance.

johnhunsley commented on Nov 10, 2018

I'm running Spring Boot 2.1.0 and I'm getting this same issue. I'm running my Auth Server, Client App and Resource Server on different root context paths and different ports. I have tried changing the cookie names but I still see the problem discussed in #322.

As far as I can tell from debugging this, the bug is that the state is not persisted because the OAuthClientContext is not session scoped.

gcloeval commented on Nov 26, 2018

I am also having this issue, Spring Boot 2. Has anybody found a workaround?

EtachGu commented on Jan 4, 2019

I also get this issue, Spring Boot 2.1.

iceagebuck commented on Apr 1, 2019

This issue appeared only when I run two instances of this service. Any solution or workaround?
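
A simplified model of two situations reported in this thread (session cookies colliding on one host, and a callback landing on a second instance), added here as an illustration; it is not code from spring-security-oauth or from any commenter. The `Browser` and `App` classes, the hostnames and the in-memory session handling are assumptions made for the example; calling `scenarios()` returns the outcome of each deployment.

```python
import secrets

ERROR = "Possible CSRF detected - state parameter was required but no state could be found"
COOKIE = "JSESSIONID"  # default servlet session cookie name

class Browser:
    """Cookie jar keyed by (host, path, name); the port is not part of the key."""
    def __init__(self):
        self.jar = {}
    def store(self, host, path, name, value):
        self.jar[(host, path, name)] = value
    def cookie_for(self, host, request_path, name):
        # Simplified path match: prefix test, most specific cookie path wins.
        hits = [(p, v) for (h, p, n), v in self.jar.items()
                if h == host and n == name and request_path.startswith(p)]
        return max(hits, key=lambda hit: len(hit[0]))[1] if hits else None

class App:
    """One server instance; its sessions exist only in this instance's memory."""
    def __init__(self, host, context_path):
        self.host, self.path, self.sessions = host, context_path, {}
    def session(self, browser):
        sid = browser.cookie_for(self.host, self.path, COOKIE)
        if sid not in self.sessions:  # unknown or missing id: start an empty session
            sid = secrets.token_hex(8)
            self.sessions[sid] = {}
            browser.store(self.host, self.path, COOKIE, sid)
        return self.sessions[sid]

def run_flow(client, auth_server, callback_instance=None):
    browser = Browser()
    # 1. The client stores a random state in its session, then redirects the browser.
    state = secrets.token_urlsafe(16)
    client.session(browser)["state"] = state
    # 2. The authorization server logs the user in and sets its own session cookie.
    auth_server.session(browser)["user"] = "alice"
    # 3. The callback reaches a client instance, which looks up the preserved state.
    preserved = (callback_instance or client).session(browser).get("state")
    if preserved is None:
        return ERROR
    return "ok" if secrets.compare_digest(preserved, state) else "state mismatch"

def scenarios():  # hostnames below are constructed sample values
    return {
        "same host, both at ROOT": run_flow(App("localhost", "/"), App("localhost", "/")),
        "same host, separate paths": run_flow(App("localhost", "/client"), App("localhost", "/auth")),
        "two client instances, separate session stores": run_flow(
            App("client.test", "/"), App("auth.test", "/"), App("client.test", "/")),
    }
```

In the first case the authorization server's `JSESSIONID` replaces the client's, because both are scoped to the same host and path; in the last case the cookie survives but the session it names exists only on the other instance.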

Possible CSRF detected - state parameter was required but no state could be found · Issue #822 · spring-attic/spring-security-oauth