Invalid CSRF token on Symfony 3.4 with Nginx

Question

I have a Symfony 3.4 app that used to work well on my last hosting (apache) But I have changed the hosting, and I am now using Nginx on Debian, using the nginx config given by Symfony here : https://symfony.com/doc/3.4/setup/web_server_configuration.html#nginx

I try to make my Symfony app work on the new hosting, but I have a form error. When validating, I have a "Invalid CSRF token". I have checked the php session folder that remains empty (normal ??). I try to chmod it 777, but same problem. (I am sure of the location of the php session, as I found it using phpinfo()). I also tried to chown and chgrp to www-data on this directory...

My app is accessible with HTTPS.

Any idea on how to find the pb ??

Thanks a lot !

Are you using an symfony module to generate and/or validate the CSRF token? Does the form actually have a CSRF token? Have you checked the errors logs on the server? — Beach Chicken, Feb 09 '20 at 14:34
Could you also validate www-data user is the owner of the NGINX process? — Beach Chicken, Feb 09 '20 at 14:40

score 0 · Answer 1 · answered Feb 09 '20 at 15:38

0

In fact, I realized that the Symfony session file, where the CSRF token was stored, was in an other place than the configured php session (in php.ini).

I did have a right issue with the symfony session folder.

Thanks for your help !

answered Feb 09 '20 at 15:38

wyllyjon

505
1
5
20

Invalid CSRF token on Symfony 3.4 with Nginx

1 Answers1