Try our conversational search powered by Generative AI!
AI OnAI Off
Login page removes anti forgery cookie causing login to fail
Thank you for reporting this David. We're looking at it and I think it's fixed in the next release.
Edited,
Feb 06, 2018 8:18
Any updates on when this will be released?
We are experiencing the same problem in our upgraded test environment (Episerver 11 update 201) and don´t wan´t to upgrade our production environment until this bug is fixed.
Best regards!
Feb 13, 2018 12:28
I've been experiencing this issue since mid January. Have not noticed the error after CMS 11.3.3 upgrade.
Feb 14, 2018 4:40
Our developer and production version is 11.3.3. (updated from 9.12) and we and our customer get this error very often. Very very annoying 
Anyway, both servers are win server 2008 r2 and also i'll disable AntiForgeryValidation from pluginmanager, no effect
Jun 04, 2018 13:14
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
Every other time the login page (/Util/Login.aspx) is loaded EPiServer 11 adds or removes the antiforgery cookie named __epiXSRF which causes every other login attempt to fail.
Steps to reproduce:
Expected result:
Refreshing the login page should not remove the required antiforgery cookie.
Cause:
The OnLoad event on EPiServer.UI.Util.Login calls RemoveCookie on every page load but AntiForgeryValidation will only add the cookie if it is missing.
Latest version tested:
EPiServer.CMS.UI 11.2.4