https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37060
--- Comment #15 from David Cook <[email protected]> --- (In reply to Jan Kissig from comment #14) > Hi there, I tried to implement what David said but somehow the authenticated > cookie and the CRSF-token are bound together, and when I loose that token > (but keep the session), there seems no chance of getting a valid token > again. So the cookie contains the session ID, and the CSRF token is bound to that session ID. > Wiki says: > If you lose it for whatever reason, you can get a new Csrf-Token by using > your authenticated cookie and sending a GET to > /cgi-bin/koha/svc/authentication like you did in the first step. > --- > > The token I received by GET /cgi-bin/koha/svc/authentication will always > throw "wrong_csrf_token" so I build a workaround by logging out if GET > /cgi-bin/koha/svc/authentication returns a valid session > (<status>ok</status>) I've just confirmed your problem using curl, so I'll look into that. Something very odd going on here, especially since I'm sure this used to work... -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
