The CSRF hidden field value didn't match the CSRF cookie value.

Matthew Butler asked on May 13, 2025 16:26

A couple of users are generating a large number of the following error in the CMS admin.

The CSRF hidden field value didn't match the CSRF cookie value.

Any ideas?

Recent Answers


John Lougee answered on May 13, 2025 18:09

Hi Matthew,

This is related to the Cross site request forgery (CSRF/XSRF) protection in Xperience. You can read more about how this works in our documentation here: Cross site request forgery (CSRF/XSRF) protection. I would recommend reviewing that page and checking that you have this properly configured in the project, using the ValidateAntiForgeryToken attribute on actions with POST requests and using the @Html.AntiForgeryToken() method in your views that post to the action methods. You may be able to narrow down where these errors occur by checking the full Event log details for these errors and looking at the URL referrer/Event URLs to see where they were triggered. Then you can check that those page(s) have the correct configuration according to our documentation. I hope this helps!


Matthew Butler answered on May 13, 2025 20:39

All the event URLs are "/Admin/cmsadministration.aspx". I don't know how to find out where this is happening or why just some users.

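The event log triage discussed in the answers above, as an added example that is not part of the original thread and is not Xperience code: it groups CSRF mismatch events by user and URL referrer and skips any column that is identical for every error, as the Event URL is here. The CSV layout, column names, user names and referrer paths are constructed assumptions.

```python
import csv
import io
from collections import Counter

CSRF_MESSAGE = "The CSRF hidden field value didn't match the CSRF cookie value."

# Constructed sample of an event log export. The column names, user names and
# referrer paths are assumptions made for this example, not real Xperience data.
SAMPLE_EXPORT = """\
EventTime,UserName,EventUrl,UrlReferrer,Description
2025-05-13 15:01:10,user.a,/Admin/cmsadministration.aspx,/Admin/example-a.aspx,The CSRF hidden field value didn't match the CSRF cookie value.
2025-05-13 15:01:42,user.a,/Admin/cmsadministration.aspx,/Admin/example-a.aspx,The CSRF hidden field value didn't match the CSRF cookie value.
2025-05-13 15:03:05,user.b,/Admin/cmsadministration.aspx,/Admin/example-a.aspx,The CSRF hidden field value didn't match the CSRF cookie value.
2025-05-13 15:07:30,user.a,/Admin/cmsadministration.aspx,/Admin/example-b.aspx,The CSRF hidden field value didn't match the CSRF cookie value.
2025-05-13 15:09:00,user.c,/Admin/cmsadministration.aspx,/Admin/example-b.aspx,Constructed unrelated event
"""


def load_csrf_events(text):
    """Parse the export and keep only rows carrying the CSRF mismatch message."""
    rows = csv.DictReader(io.StringIO(text))
    return [row for row in rows if CSRF_MESSAGE in row["Description"]]


def breakdown(events, field):
    """Count events per distinct value of one column, most frequent first."""
    return Counter(row[field] for row in events).most_common()


def distinguishing_fields(events, fields):
    """Return the columns with more than one value; a constant column
    (such as an Event URL shared by every error) cannot narrow anything down."""
    return [f for f in fields if len({row[f] for row in events}) > 1]


def referrers_by_user(events):
    """Map each user name to a Counter of the referrers behind their errors."""
    result = {}
    for row in events:
        result.setdefault(row["UserName"], Counter())[row["UrlReferrer"]] += 1
    return result


if __name__ == "__main__":
    events = load_csrf_events(SAMPLE_EXPORT)
    for field in distinguishing_fields(events, ["EventUrl", "UserName", "UrlReferrer"]):
        print(field, breakdown(events, field))
    for user, counts in referrers_by_user(events).items():
        print(user, dict(counts))
```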
