Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

'XSRF Security Token Missing' errors in stash

I keep getting these 'XSRF Security Token' errors in stash. They usually appear in sessions that have been around a while (maybe an hour or so). Refreshing the browser will take care of it, but it might come back on the next operation. Loggin out and logging in again seems to fix it for a while. Our Stash instance is using a Jira external directory for the user directory. What would be causing this? How can I fix the configuration to keep this from happening?

1 answer

1 accepted

1 vote
Answer accepted

Stash currently protects all of its form submissions submissions from Cross-site request forgery by generating a secret token per-user and includes it in the form submission. This token is separate from the authentication mechanism used or the user directory strategy. This token expires a lot quicker than the user session.

If you do see the operation failure warning due to an expired XSRF protection all that is required is hit the 'Retry Operation' and your form submission should suceed and all subsequent forms should use the new token. Futhermore, you should only see this error if you leave a form sitting around for a while without submitting it.

This is all part of Stash's normal functionality.

Actually I discovered the problem. It was that I was running multiple atlassian applications on the same server, using the same hostname, which was causing the apps to step on each other's cookies. I changed it to have each app run under it's own DNS name, through an BigIP f5 switch, and it is working.

Hi.  did you have to disable HTTP Basic Authentication in the f5?

Like schmel3 likes this

I have a question regarding the token of each user. Can I get another user's token? Why and for more details follow the link:

My question 

I would be very grateful for an answer

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events