ANTIFORGERY_ID_mismatch. Expecting... #237
Comments
Hi,
@andyleese @planet4 Can you please share some details on how you're hosting WordPress?
its it writes sessions to temp fine
A couple more questions:
It's a network setup. OK, if I put http://... it seems to work, signs in to https://...
Exactly the same issue here. Running on Ubuntu Server 18.04 with Apache. http is redirected to https. Just a few users get this occasionally. WP is running in a single instance.
I just downgraded WordPress to 5.3.4 using the following plugin: and everything is working fine. We hope to find a solution for this issue in the newer version of WordPress.
Create a new Azure AD app and update WordPress to the latest version.
Not sure if it's the same issue, but make sure you are calling the 'authenticate' filter from the page it's redirecting to after getting the code. I had this issue when I signed in from another page (not wp-login) and the redirect URL was set to wp-login.php.
I've discovered that if your config/site has "Set-Cookie -SameSite=Strict", it will interfere with SSO & the anti-forgery ID being passed.
How can I change this option?
@mmirandab depends on how you're hosting your website - if it's self-hosted/on a VPS, it's easy enough to change; for Apache it's a matter of modifying the relevant "Set Header" in the config file (/etc/apache2/conf-available/security.conf for Apache on Ubuntu), & reloading/restarting Apache. I'd assume other web servers like NGINX and/or other distros like Debian/RHEL-based will be similar. If you're using a managed hosting package - the short answer is I dunno/it depends on the platform/provider.
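The SameSite=Strict interaction described in the comments above, modelled as an added example that is not part of the thread and not the plugin's code. It assumes the anti-forgery ID is kept in a server-side session referenced by a cookie; the cookie name `SESSION` and all function names are hypothetical.

```javascript
// Added illustration, not the plugin's code. Assumption: the anti-forgery ID
// lives in a server-side session that the browser references via a cookie.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const sessions = new Map(); // server-side session store: session id -> data

// Step 1: user starts sign-in; the site stores a random ID and redirects to the IdP.
function startLogin(sameSite) {
  const sid = randomBytes(16).toString('hex');
  const antiforgeryId = randomBytes(16).toString('hex');
  sessions.set(sid, { antiforgeryId });
  return {
    cookie: { name: 'SESSION', value: sid, sameSite }, // Set-Cookie to the browser
    state: antiforgeryId,                              // travels to the IdP and back
  };
}

// Browser rule: is the cookie attached to a request initiated by another site?
function sentOnCrossSiteRequest(cookie, { method, topLevelNavigation }) {
  switch (cookie.sameSite) {
    case 'Strict': return false;
    case 'Lax': return topLevelNavigation && method === 'GET';
    case 'None': return true; // browsers also require Secure with SameSite=None
    default: throw new Error(`unknown SameSite value: ${cookie.sameSite}`);
  }
}

// Step 2: the IdP sends the browser back with the state; the site compares it.
function handleCallback(cookie, returnedState, request) {
  const sid = sentOnCrossSiteRequest(cookie, request) ? cookie.value : null;
  const session = sid ? sessions.get(sid) : undefined; // no cookie: empty session
  const expected = Buffer.from(session ? session.antiforgeryId : '');
  const actual = Buffer.from(returnedState);
  if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) {
    return 'ANTIFORGERY_ID_mismatch';
  }
  delete session.antiforgeryId; // the ID is single-use
  return 'ok';
}

function simulate(sameSite, request) {
  const { cookie, state } = startLogin(sameSite);
  return handleCallback(cookie, state, request);
}

const redirect = { method: 'GET', topLevelNavigation: true };  // constructed request
const formPost = { method: 'POST', topLevelNavigation: true }; // constructed request
for (const mode of ['Strict', 'Lax', 'None']) {
  console.log(mode, simulate(mode, redirect), simulate(mode, formPost));
}
```

In this model the session cookie has to be SameSite=Lax (or None with Secure) for a GET redirect back from the identity provider to carry it; with Strict the callback always sees an empty session.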
We are using the plugin for our intranet and some other internal WP sites. In general it works fine, but a few users sometimes get the error below.
We are using the Force login plug-in in order to have our users logged in automatically.
I would be very happy if someone could point me in the right direction to understand what is causing this error.