Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

'XSRF Security Token Missing' errors in stash

Chris Wundram
Chris Wundram
Contributor
May 24, 2013

I keep getting these 'XSRF Security Token' errors in stash. They usually appear in sessions that have been around a while (maybe an hour or so). Refreshing the browser will take care of it, but it might come back on the next operation. Loggin out and logging in again seems to fix it for a while. Our Stash instance is using a Jira external directory for the user directory. What would be causing this? How can I fix the configuration to keep this from happening?

Answer
Watch
Like Kent likes this
2873 views

1 answer

1 accepted

1 vote
Answer accepted
jhinch (Atlassian)
jhinch (Atlassian)
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 24, 2013

Stash currently protects all of its form submissions submissions from Cross-site request forgery by generating a secret token per-user and includes it in the form submission. This token is separate from the authentication mechanism used or the user directory strategy. This token expires a lot quicker than the user session.

If you do see the operation failure warning due to an expired XSRF protection all that is required is hit the 'Retry Operation' and your form submission should suceed and all subsequent forms should use the new token. Futhermore, you should only see this error if you leave a form sitting around for a while without submitting it.

This is all part of Stash's normal functionality.

View More Comments
Chris Wundram
Chris Wundram
Contributor
May 30, 2013

Actually I discovered the problem. It was that I was running multiple atlassian applications on the same server, using the same hostname, which was causing the apps to step on each other's cookies. I changed it to have each app run under it's own DNS name, through an BigIP f5 switch, and it is working.

Like
agouaux
agouaux March 4, 2019

Hi.  did you have to disable HTTP Basic Authentication in the f5?

Like schmel3 likes this
Andrei Pastushenko
Andrei Pastushenko March 25, 2022

Hi! 
I have a question regarding the token of each user. Can I get another user's token? Why and for more details follow the link:

My question 

I would be very grateful for an answer

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.