Adobe Experience Manager Sites & More

chandran8596539 · 5/9/17

I read in some post. if you are accessing the web pages as anonymous user, CSRF token will be empty string. Is this means in publish environment CSRF token will be empty?

MC_Stuff · 5/10/17

Hi Chandran,

CSRF token filter will trigger only for authenticated requests and for anonymous it will never be called. Hence empty string for anonymous is not a valid case.

Thanks,

View solution in original post

MC_Stuff · 5/10/17

Hi Chandran,

CSRF token filter will trigger only for authenticated requests and for anonymous it will never be called. Hence empty string for anonymous is not a valid case.

Thanks,

chandran8596539 · 5/10/17

MC Stuff wrote...

Hi Chandran,

CSRF token filter will trigger only for authenticated requests and for anonymous it will never be called. Hence empty string for anonymous is not a valid case.

Thanks,

Thanks MC,this means in publish environment if end users accessing the page CSRF token will be empty?

Is there any way can have some authenticated pages in publish environment, it should create some default session but it should be accessed by end user (anonymous user).

MC_Stuff · 5/10/17

Hi Chandran,

For anonymous csrf will not be called that means does not exist only so no question of empty.

Ofcourse there are some scenarios like mentioned below can cause such issue. If you can investigate har with persistance log enabled can help to find the cause. https://confluence.atlassian.com/kb/generating-har-files-and-analysing-web-requests-720420612.html

mis configration of PSC implementation OR
load balancer truncating headers as empty instead of anonymous OR
usage of non standard browser OR
Traffic is allowed to publisher even before server is complete up etc...

Thanks,

Adobe Experience Manager Sites & More

Empty CSRF token in Publish

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe