Is there a proxy or a load balancer? Can you reproduce it without tornado? On Thursday, 20 August 2015 14:13:44 UTC-5, Brian Nguyen wrote: > > Hello all, > > I've been running into this issue lately where ALL forms would clear when > the submit button is clicked. > > I understand how CSRF may cause these symptoms and need your help. > > It seems to happen to random users using any browser. Although it doesn't > affect all browsers simultaneously. > > The odd thing is, it also affects the Web2py Administrator Interface > password form and forms from other apps on the same server. > > We can't trigger the issue 100%, but we can mimic the problem by blocking > cookies to our app. Opening multiple tabs to the form and submitting on an > older tab also mimics the issue, but eventually fixes itself on next submit > when testing on a working environment. > > The workaround for the issue seems to be clearing all the cookies & cache > or running in incognito/private mode. However, the issue may eventually > return. > > In my tests, it seems that only a single formkey can be stored in session > when the problem is present. When we refresh the page, it still has only > one new formkey. In a working environment, we can refresh the page and have > up to 10 formkeys stored in session. > > Based on our workaround, I've noticed that the session_id_(name) cookie > would not be generated automatically. Although we do have a session_id and > session_filename for the user. Also, the session_file will show as None. > > Server Configuration: > Web2py 2.11.2 > Tornado Webserver > > User Configuration: > Chrome > Firefox > IE 8 > > All browser versions may vary. The cookie and security settings have been > confirmed to be wide open. > > Affected forms: > Web2py Administrator Interface > Auth (default/user) > Custom forms (with and without passing session to forms.accept) > > I've spent countless hours lurking the Web2py resources for a solution, > but I just can't figure this one out. :( > > Thank you, > Brian >
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
