Hello Massimo, We have found the root cause of the issue and are able to reproduce it 100%.
It seems that one of the websites we use at our company generates Adobe tracking cookies that cause Web2py forms to stop working. The Adobe cookies in questions are: s_vi s_fid s_cc s_sq Since these cookies have a broader domain, they end up in my web2py app when users go to the culprit site. I'll have to investigate how these cookies interfere with web2py forms. Thank you, Brian On Thursday, August 20, 2015 at 10:19:55 PM UTC-7, Massimo Di Pierro wrote: > > Is there a proxy or a load balancer? Can you reproduce it without tornado? > > On Thursday, 20 August 2015 14:13:44 UTC-5, Brian Nguyen wrote: >> >> Hello all, >> >> I've been running into this issue lately where ALL forms would clear when >> the submit button is clicked. >> >> I understand how CSRF may cause these symptoms and need your help. >> >> It seems to happen to random users using any browser. Although it doesn't >> affect all browsers simultaneously. >> >> The odd thing is, it also affects the Web2py Administrator Interface >> password form and forms from other apps on the same server. >> >> We can't trigger the issue 100%, but we can mimic the problem by blocking >> cookies to our app. Opening multiple tabs to the form and submitting on an >> older tab also mimics the issue, but eventually fixes itself on next submit >> when testing on a working environment. >> >> The workaround for the issue seems to be clearing all the cookies & cache >> or running in incognito/private mode. However, the issue may eventually >> return. >> >> In my tests, it seems that only a single formkey can be stored in session >> when the problem is present. When we refresh the page, it still has only >> one new formkey. In a working environment, we can refresh the page and have >> up to 10 formkeys stored in session. >> >> Based on our workaround, I've noticed that the session_id_(name) cookie >> would not be generated automatically. Although we do have a session_id and >> session_filename for the user. Also, the session_file will show as None. >> >> Server Configuration: >> Web2py 2.11.2 >> Tornado Webserver >> >> User Configuration: >> Chrome >> Firefox >> IE 8 >> >> All browser versions may vary. The cookie and security settings have been >> confirmed to be wide open. >> >> Affected forms: >> Web2py Administrator Interface >> Auth (default/user) >> Custom forms (with and without passing session to forms.accept) >> >> I've spent countless hours lurking the Web2py resources for a solution, >> but I just can't figure this one out. :( >> >> Thank you, >> Brian >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
