Hi Hasintha, Possibly this might be due to multiple network interfaces on the hosting machine. Please check your servers' listening IP and the request IP.
Thanks, Rasika On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee <[email protected]> wrote: > Hi all, > > When trying to perform operations through admin console, once the session > is expired we are getting a 403 from admin console. Seems like this occurs > due to CSRF filter blocking the request since the session is no longer > available at the server side. > > [2016-07-06 15:34:27,576] WARN {org.owasp.csrfguard.log.JavaLogger} - > potential cross-site request forgery (CSRF) attack thwarted > (user:<anonymous>, ip:127.0.0.1, method:POST, > uri:/carbon/userprofile/set-finish-ajaxprocessor.jsp, error:request token > does not match session token) > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- With Regards, *Rasika Perera* Software Engineer M: +94 71 680 9060 E: [email protected] LinkedIn: http://lk.linkedin.com/in/rasika90 WSO2 Inc. www.wso2.com lean.enterprise.middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
