https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34163 Bug ID: 34163 Summary: CSRF error if try OAuth2/OIDC after logout Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: minor Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org If you do a local log into Koha, then logout, then try to do a OAuth2/OIDC log in, you'll get a CSRF error. The reason is that Koha is generating the CSRF token using an id like "anonymous_58d273f40cb20ff0aacab829aaf935fc" but checking it with an id of "_58d273f40cb20ff0aacab829aaf935fc". This is because we're not properly checking the C4::Context->userenv and/or it seems like it's not getting properly set after a logout. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.