2

I have an MVC page with two partial views A and B. When I submit partial view B, ONLY the first time I get this error.

The anti-forgery cookie token and form field token do not match.

After the first time the view works perfectly. I have added [ValidateAntiForgeryToken] in the code page and have added @Html.AntiForgeryToken() in the partial view.

When I remove the partial view A from the page, B is working without any error.

Any suggestion would really help.

AlexB
Pranav
  • Could you post the related section of code? This may help: http://stackoverflow.com/questions/18097401/the-anti-forgery-cookie-token-and-form-field-token-do-not-match-in-mvc-4 – Jimmy Smith Oct 02 '14 at 17:34

1 Answer

3

When you have the [ValidateAntiForgeryToken] attribute, the framework does the following:

  1. Check if incoming request has a cookie called __RequestVerificationToken
  2. Check if incoming request has a Request.Form entry called __RequestVerificationToken
  3. Check if cookie and Request.Form values match

Because of the above process, one page can only have one valid AntiForgery token.

For details check http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/

AlexB
Arun Ghosh
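The three checks listed in the answer, written out as a small stand-alone C# model. This is an added example, not code from the original post or from ASP.NET MVC. The `Render` and `Validate` helpers, the rule that a form reuses the cookie sent with the request, and the order in which the two partials are served are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Simplified model of the three checks above; not the ASP.NET MVC implementation.
static class AntiForgeryModel
{
    // Assumed issuance rule: reuse the cookie token sent with the request, else mint one.
    public static (string SetCookie, string Field) Render(string requestCookie)
    {
        if (!string.IsNullOrEmpty(requestCookie)) return (null, requestCookie);
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        return (token, token);
    }

    public static string Validate(string cookie, string field)
    {
        if (string.IsNullOrEmpty(cookie)) return "rejected: cookie missing";     // check 1
        if (string.IsNullOrEmpty(field)) return "rejected: form field missing";  // check 2
        return FixedTimeEquals(cookie, field)                                    // check 3
            ? "accepted" : "rejected: cookie and form field do not match";
    }

    // Compare without stopping at the first differing character.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

static class Program
{
    static void Main()
    {
        string browserCookie = null;
        // Constructed scenario: B and A are rendered by two requests sent before the browser holds a cookie.
        var b = AntiForgeryModel.Render(browserCookie);
        var a = AntiForgeryModel.Render(browserCookie);
        browserCookie = b.SetCookie;
        browserCookie = a.SetCookie; // A's Set-Cookie arrives last and replaces B's
        Console.WriteLine("first submit of B:  " + AntiForgeryModel.Validate(browserCookie, b.Field));
        // The page is rendered again; the request now carries a cookie, so B's field is derived from it.
        b = AntiForgeryModel.Render(browserCookie);
        Console.WriteLine("second submit of B: " + AntiForgeryModel.Validate(browserCookie, b.Field));
    }
}
```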