You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I keep getting these 'XSRF Security Token' errors in stash. They usually appear in sessions that have been around a while (maybe an hour or so). Refreshing the browser will take care of it, but it might come back on the next operation. Loggin out and logging in again seems to fix it for a while. Our Stash instance is using a Jira external directory for the user directory. What would be causing this? How can I fix the configuration to keep this from happening?
Stash currently protects all of its form submissions submissions from Cross-site request forgery by generating a secret token per-user and includes it in the form submission. This token is separate from the authentication mechanism used or the user directory strategy. This token expires a lot quicker than the user session.
If you do see the operation failure warning due to an expired XSRF protection all that is required is hit the 'Retry Operation' and your form submission should suceed and all subsequent forms should use the new token. Futhermore, you should only see this error if you leave a form sitting around for a while without submitting it.
This is all part of Stash's normal functionality.
Actually I discovered the problem. It was that I was running multiple atlassian applications on the same server, using the same hostname, which was causing the apps to step on each other's cookies. I changed it to have each app run under it's own DNS name, through an BigIP f5 switch, and it is working.