0

I have MVC 4 application whose app pool is stopping every now and then. I see this exception in the Event Viewers Windows Application logs Exception information: Exception type: HttpAntiForgeryException Exception message: The anti-forgery cookie token and form field token do not match. .....................

My controller action has ValidateAntiForgeryToken setup like below

  [HttpPost]
  [ValidateAntiForgeryToken]
  [OutputCache(Duration = 0)]
  public ActionResult Login(LoginViewModel model, string returnUrl, bool loginbutton = true)
    {
    ///
    }

And on my form in view I do have 

 @using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", @id = "login-form" }))
        {
            @Html.AntiForgeryToken()
             ....................
        }

I have looked into this question and added machine key but that does not help either. Any ideas why this could be happening? The site is using SSL certificate but I don't think that could cause any issues.

Community
  • 1
  • 1
rumi
  • 3,293
  • 12
  • 68
  • 109
  • 1
    You will see that message as a normal course of events from time to time. If a user does something like leave the form for a while and then submits much later, the token will be invalid. In any case, that will not cause the entire App Pool to crash. That would require something like a memory leak or some other much more serious issue. – Chris Pratt Oct 11 '16 at 12:39
  • I've just setup debug diag crash dump to possibly find out more. Is there any thing else we can try to identify the actual issue? – rumi Oct 11 '16 at 12:57

1 Answers1

0

By looking at the debug diag logs, I found the issue was related to twitter feeds with invalid username/handler instead of anti-forgery. This was causing system.stackoverflowexception and crashing the app pool.

rumi
  • 3,293
  • 12
  • 68
  • 109