Hello all,

I've been running into this issue lately where ALL forms would clear when 
the submit button is clicked. 

I understand how CSRF may cause these symptoms and need your help.

It seems to happen to random users using any browser, although it doesn't 
affect all browsers simultaneously.

The odd thing is, it also affects the Web2py Administrator Interface 
password form and forms from other apps on the same server.

We can't trigger the issue 100%, but we can mimic the problem by blocking 
cookies to our app. Opening multiple tabs to the form and submitting on an 
older tab also mimics the issue, but eventually fixes itself on next submit 
when testing on a working environment.

The workaround for the issue seems to be clearing all the cookies & cache 
or running in incognito/private mode. However, the issue may eventually 
return.

In my tests, it seems that only a single formkey can be stored in session 
when the problem is present. When we refresh the page, it still has only 
one new formkey. In a working environment, we can refresh the page and have 
up to 10 formkeys stored in session.

Based on our workaround, I've noticed that the session_id_(name) cookie 
would not be generated automatically, although we do have a session_id and 
session_filename for the user. Also, the session_file will show as None.

Server Configuration:
Web2py 2.11.2
Tornado Webserver

User Configuration:
Chrome
Firefox
IE 8

All browser versions may vary. The cookie and security settings have been 
confirmed to be wide open.

Affected forms:
Web2py Administrator Interface
Auth (default/user)
Custom forms (with and without passing session to forms.accept)

I've spent countless hours lurking the Web2py resources for a solution, but 
I just can't figure this one out. :(

Thank you,
Brian
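
The symptoms in the post above (one formkey per session when cookies are blocked, up to 10 otherwise, and an older tab failing once and then working) can be reproduced with a simplified model of session-bound form keys. This is an added example, not part of the original post and not web2py's code; `Server`, `get_form`, `post_form` and the helper functions are hypothetical names, and the cap of 10 is taken from the post.

```python
import secrets

MAX_FORMKEYS = 10  # cap the post reports for a working session

class Server:
    """Simplified model of session-bound form keys (not web2py's code)."""
    def __init__(self):
        self.sessions = {}  # session cookie value -> outstanding formkeys

    def _session(self, cookie):
        # A missing or unknown cookie gets a brand-new, empty session.
        if cookie not in self.sessions:
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = []
        return cookie, self.sessions[cookie]

    def get_form(self, cookie=None):
        """Render the form; returns (session cookie, formkey)."""
        cookie, keys = self._session(cookie)
        keys.append(secrets.token_hex(16))
        del keys[:-MAX_FORMKEYS]  # only the newest keys survive
        return cookie, keys[-1]

    def post_form(self, cookie, formkey):
        """Returns (cookie, accepted, formkey of the redisplayed form)."""
        cookie, keys = self._session(cookie)
        accepted = formkey in keys
        if accepted:
            keys.remove(formkey)  # a key is valid once
        cookie, fresh = self.get_form(cookie)
        return cookie, accepted, fresh

def keys_after_refreshes(server, refreshes, cookies_blocked):
    """Outstanding keys in the session that served the last refresh."""
    cookie = None
    for _ in range(refreshes):
        sent = None if cookies_blocked else cookie
        cookie, _key = server.get_form(sent)
    return len(server.sessions[cookie])

def submit(server, cookies_blocked):
    cookie, key = server.get_form()
    return server.post_form(None if cookies_blocked else cookie, key)[1]

def submit_from_stale_tab(server, tabs=12):
    cookie, oldest = server.get_form()
    for _ in range(tabs - 1):
        cookie, _key = server.get_form(cookie)
    cookie, first, fresh = server.post_form(cookie, oldest)
    return first, server.post_form(cookie, fresh)[1]
```

In this model a request that arrives without the session cookie always lands in a fresh session, so the key posted back is never found and the form is redisplayed empty.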
