Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

400 (Empty or invalid anti forgery header token.) #2691


User avatar
0
cmthomps created

Anyone have any advice for a 400 (Empty or invalid anti forgery header token.) error? It seems to happen if my session/token times out (or I leave the site open in the browser for a long period of time). If I clear out the cookies for the site in my browser, it's fine again.

Is it possible we're doing something that is messing up how the tokens are handled?


1 Answer(s)
  • User Avatar
    0
    cmthomps created

    I figured it out. We had two versions of ASP.Net Zero running on the same server. One version is and MVC/jQuery site and the other is a .NET Core/jQuery site. It appears that the .NET Core site sets a couple of anti-forgery tokens that the MVC5 site doesn't like.