'XSRF Security Token Missing' errors in stash

I keep getting these 'XSRF Security Token' errors in stash. They usually appear in sessions that have been around a while (maybe an hour or so). Refreshing the browser will take care of it, but it might come back on the next operation. Loggin out and logging in again seems to fix it for a while. Our Stash instance is using a Jira external directory for the user directory. What would be causing this? How can I fix the configuration to keep this from happening?

1 answer

1 accepted

1 vote
Jason Hinch Atlassian Team May 24, 2013

Stash currently protects all of its form submissions submissions from Cross-site request forgery by generating a secret token per-user and includes it in the form submission. This token is separate from the authentication mechanism used or the user directory strategy. This token expires a lot quicker than the user session.

If you do see the operation failure warning due to an expired XSRF protection all that is required is hit the 'Retry Operation' and your form submission should suceed and all subsequent forms should use the new token. Futhermore, you should only see this error if you leave a form sitting around for a while without submitting it.

This is all part of Stash's normal functionality.

Actually I discovered the problem. It was that I was running multiple atlassian applications on the same server, using the same hostname, which was causing the apps to step on each other's cookies. I changed it to have each app run under it's own DNS name, through an BigIP f5 switch, and it is working.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

1,781 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you