pfSense Support Subscription

Author Topic: 2 logins to get on the webif  (Read 1225 times)

0 Members and 1 Guest are viewing this topic.

Offline _igor_

  • Hero Member
  • *****
  • Posts: 602
  • Karma: +0/-0
    • View Profile
2 logins to get on the webif
« on: April 18, 2011, 05:41:57 am »
I have to enter lots of times twice my login, because i get this:
Code: [Select]
CSRF check failed. Either your session has expired, this page has been inactive too long, or you need to enable cookies.
Debug: sid:50a4fc00465fa06c0b2b346497b5a4b7d9779450,1303056141

This happens on autologout and when i reload my browser and do not login at the same time when the login-page loads. Its somewhat annoying. Is there any way to bypass that?

Happens too if any page is opened and i want to get a new tab or want to change to an other page on the webif after a "long" time. Then i get the login-page but after login this message and i have to login another time. I think that this messages should not appear after a fresh login.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14994
  • Karma: +4/-0
    • View Profile
Re: 2 logins to get on the webif
« Reply #1 on: April 18, 2011, 02:35:46 pm »
It's a security protection, so someone can't steal your old session.

Though I haven't seen this happen lately myself. If I leave it sit for a long time it just takes me back to the login page. though it's rare that I hit the auto logout timer in a given browser session so I may just not be replicating your same circumstances.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline _igor_

  • Hero Member
  • *****
  • Posts: 602
  • Karma: +0/-0
    • View Profile
Re: 2 logins to get on the webif
« Reply #2 on: April 20, 2011, 05:44:44 am »
Ok, that sounds ok for me, but when i get popped to the login-page, it should *not* occur that i have to login twice! And this is the fact which disturbs a bit. shouldn't the cookie be deleted or rewritten upon login to avoid that?

I can replicate that very simple: stay at any of the services-page, wait a time, then press "save": You get your first message and jump to the login-page. Then login and you'll get the second message and again jump to login. Then, after the second login you can do whatever you want to do.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14994
  • Karma: +4/-0
    • View Profile
Re: 2 logins to get on the webif
« Reply #3 on: April 20, 2011, 07:07:28 am »
That is probably a side effect of your first action after the timeout being a POST, and tripping the CSRF protection. There may not be a good way around that one, though I'm not sure why it makes you login twice.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!