MVC3 asp.net Html.AntiForgeryToken() problem when user has multiple tabs with the same form

I am trying to add Html.AntiForgeryToken() to a login form on an MVC3 site. This form is located on every page of the site. I noticed that if a user opens multiple tabs on the site and then goes back to the old tab and submits the login form, the tokens on the other tabs become invalid even when using salt. Is there a way to get around this?

This is just one example: there are other forms on the site that users seem to have multiple tabs on.

+3



2 answers


We have the same problem on our e-commerce sites. In my situation, a user can put things in his cart without logging in. But after opening multiple tabs without logging in, the user decides to log in and tries to add all the products after logging in in one tab, and that is where the error is.

So, I decided to put this page just before submitting the form in order to get a new AntiForgeryToken.



I created a new partial view with only Html.AntiForgeryToken and called it via AJAX before submitting the form, and replaced the __RequestVerificationToken value in the form with the new one.

Hope this solves the problem for you.

-1
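
The approach described in the answer above, sketched as an added example (not code from the original post): fetch the partial view, copy the fresh token into the form's hidden field, and refuse to submit if no token came back. The route `/Home/AntiForgeryTokenPartial` and all function names are hypothetical, and the token is assumed to be base64-like text.

```javascript
// Added example, not code from the original answer.
const TOKEN_FIELD = "__RequestVerificationToken"; // hidden field rendered by Html.AntiForgeryToken()

// Pull the token out of the HTML fragment returned by the partial view.
// Returns null when the fragment lacks the expected hidden input, for
// instance when the server answered with an error or login page instead.
function extractToken(html) {
  const tags = String(html).match(/<input\b[^>]*>/gi) || [];
  for (const tag of tags) {
    const name = /\bname\s*=\s*"([^"]*)"/i.exec(tag);
    if (!name || name[1] !== TOKEN_FIELD) continue;
    const value = /\bvalue\s*=\s*"([^"]*)"/i.exec(tag);
    // Assumption: the token is base64-like; anything else is rejected.
    if (value && /^[A-Za-z0-9+\/=_\-]+$/.test(value[1])) return value[1];
    return null;
  }
  return null;
}

// Write the fresh token into the form's hidden field. `form` only needs an
// `elements` map, which an HTMLFormElement provides.
function applyToken(form, html) {
  const token = extractToken(html);
  const field = form.elements[TOKEN_FIELD];
  if (!token || !field) return false;
  field.value = token;
  return true;
}

// Same-origin request that sends cookies and bypasses caches, so a stale
// token is never reused. Keep this endpoint closed to cross-origin reads
// (no permissive CORS), otherwise the token stops protecting anything.
async function defaultFetch(url) {
  const res = await fetch(url, { credentials: "same-origin", cache: "no-store" });
  if (!res.ok) throw new Error("token request failed: " + res.status);
  return res.text();
}

// Fetch a fresh token, then submit; without a valid token nothing is sent.
async function submitWithFreshToken(form, fetchHtml = defaultFetch) {
  const html = await fetchHtml("/Home/AntiForgeryTokenPartial"); // hypothetical route
  if (!applyToken(form, html)) return false;
  form.submit();
  return true;
}
```

In a page this would be wired to the form's submit handler, calling `submitWithFreshToken(form)` after `preventDefault()`.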



Are you using FormsAuthentication for login? If so, then the same token is shared across multiple tabs during login, and hence all users with existing cookies will face problems. To get around this, please follow this post for further assistance:



MVC-ANTIFORGERY-TOKEN

-2

