I moved my Symfony project to a production environment on a new server. Everything seems to have gone okay, Composer installed fine, etc. However, the registration form (we're using FOSUserBundle) now returns the error "The CSRF token is invalid. Please try to resubmit the form.". Resubmitting the form just returns the same error. I had no issues with this on the development server.
I am overriding the FOSUserBundle registration form and .twig page template, but the changes are minimal other than adding some form fields.
I verified that the sessions are being created in var/sessions/prod. The registration form has the
    <input type="hidden" id="fos_user_registration_form__token" name="fos_user_registration_form[_token]" value="U5ONtHIcHgIpmj9yNWOl13r91QGzgbqu4y3ypk3rq34" />
field in it. I also tried forcing the _csrf_token field in the form, but that did not help.
From security.yml:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                default_target_path: app_startpage
                always_use_default_target_path: true
            logout:
                handlers: [logout_listener]
            anonymous: ~
            switch_user: ~
            remember_me:
                secret: '%secret%'
Is there any other code of relevance that I can show?
Solved: I finally found a thread here with a solution that worked. We are operating this site with sub-domains (each "business" has their own sub-domain) and I had added code so that cookies were shared across sub-domains, cookie_domain: '.%base_url%'. Removing that fixed the issue with the invalid CSRF token. The original post: stackoverflow.com/a/49481416/6759549
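
An added illustration, not part of the original post: Symfony keeps CSRF tokens in the session by default, and a browser discards a session cookie whose Domain attribute does not match the host that set it, so every request then starts a fresh session and the submitted token cannot validate. The sketch below applies the RFC 6265 domain-match rule to Set-Cookie headers; the host names and cookie values are constructed, and whether this was the exact failure in the post is an assumption.

```python
import ipaddress

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: does the request host match the cookie Domain?"""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")  # a leading dot is ignored
    if not domain:
        return False
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)  # an IP address host only matches exactly
        return False
    except ValueError:
        return host.endswith("." + domain)

def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name, "value": value, "attrs": attrs}

def browser_keeps_cookie(request_host: str, set_cookie: str) -> bool:
    """True if a browser would store this cookie for the given request host.
    Only the Domain check is modelled (no public-suffix or Secure handling)."""
    domain = parse_set_cookie(set_cookie)["attrs"].get("domain", "")
    if not domain.strip("."):
        return True  # no usable Domain attribute: host-only cookie, accepted
    return domain_match(request_host, domain)

# Constructed samples: (host the form is served from, Set-Cookie header value).
SAMPLES = [
    ("acme.example.com", "PHPSESSID=abc123; path=/; domain=.example.com; HttpOnly"),
    ("acme.example.com", "PHPSESSID=abc123; path=/; domain=.dev.example.test; HttpOnly"),
    ("acme.example.com", "PHPSESSID=abc123; path=/; HttpOnly"),
]

if __name__ == "__main__":
    for host, header in SAMPLES:
        verdict = "stored" if browser_keeps_cookie(host, header) else "REJECTED"
        print(f"{host:18} {header:66} -> {verdict}")
```

To apply it to a real deployment, paste the Set-Cookie header from the form's response (browser developer tools or `curl -I`) together with the host in the address bar.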