0
cmthomps created
Anyone have any advice for a 400 (Empty or invalid anti forgery header token.) error? It seems to happen if my session/token times out (or I leave the site open in the browser for a long period of time). If I clear out the cookies for the site in my browser, it's fine again.
Is it possible we're doing something that is messing up how the tokens are handled?
1 Answer(s)
-
0
I figured it out. We had two versions of ASP.Net Zero running on the same server. One version is and MVC/jQuery site and the other is a .NET Core/jQuery site. It appears that the .NET Core site sets a couple of anti-forgery tokens that the MVC5 site doesn't like.