Duplicate XSRF cookie

Frode Lillerud 11 Jan 2022


We're using the XSRF cookie in CRM in some webpanels for talking to the REST API in Online. This works fine most of the time, but in a few cases we see that things stop working, and when troubleshooting we see that SuperOffice in some cases has TWO cookies for XSRF. One where the Secure-property is set, but also another one where Secure has not been set.

Here is a sample screenshot from when we have the problem.

Gut feeling is that somewhere SuperOffice creates the token, but forgets to set the Secure-property, thus causing a second one to be created instead.

We haven't been able to reproduce it yet, but have seen it in the wild a few times.

Anyone else seen this?
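A diagnostic sketch for the symptom described in the post above, added here as an example and not part of the original post or of SuperOffice's code. Browsers identify a stored cookie by name, domain and path (RFC 6265), and the Secure flag is not part of that identity, so replaying the `Set-Cookie` headers from a trace shows which responses left two same-named cookies behind. The cookie name `XSRF-TOKEN`, the host `crm.example.test`, the path `/app` and all header values are constructed assumptions.

```javascript
// Added diagnostic sketch, not SuperOffice code. Cookie name, host and paths are constructed.
// Simplified model of RFC 6265 storage: a cookie is identified by name + domain + path.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: requestHost, path: "/", secure: false }; // default path simplified to "/"
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=").map((s) => s.trim());
    const key = k.toLowerCase();
    if (key === "secure") cookie.secure = true;
    else if (key === "path" && v.startsWith("/")) cookie.path = v;
    else if (key === "domain" && v) cookie.domain = v.replace(/^\./, "").toLowerCase();
  }
  return cookie;
}

// Replay Set-Cookie headers in order and report names that end up stored more than once.
function findDuplicateCookies(headers, requestHost) {
  const store = new Map();
  for (const h of headers) {
    const c = parseSetCookie(h, requestHost);
    store.set(`${c.name}|${c.domain}|${c.path}`, c); // same identity overwrites
  }
  const byName = new Map();
  for (const c of store.values()) {
    if (!byName.has(c.name)) byName.set(c.name, []);
    byName.get(c.name).push(c);
  }
  return [...byName.entries()]
    .filter(([, copies]) => copies.length > 1)
    .map(([name, copies]) => ({
      name,
      copies: copies.map(({ domain, path, secure }) => ({ domain, path, secure })),
      mixedSecure: new Set(copies.map((c) => c.secure)).size > 1,
    }));
}

// Constructed sample: headers as they might appear across several responses in a trace.
const sampleHeaders = [
  "XSRF-TOKEN=aaa111; Path=/; Secure; SameSite=Lax",
  "XSRF-TOKEN=bbb222; Path=/app",                     // no Secure, different Path
  "session=zzz; Path=/; Secure; HttpOnly",
  "XSRF-TOKEN=ccc333; Path=/; Secure; SameSite=Lax",  // overwrites the first entry
];
console.log(JSON.stringify(findDuplicateCookies(sampleHeaders, "crm.example.test"), null, 2));
```

Feeding it the `Set-Cookie` lines exported from a browser network trace or proxy log points at the response that set the second cookie, which is the one to look at for a missing Secure attribute or a different Path or Domain.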

RE: Duplicate XSRF cookie

Frode Lillerud 18 Jan 2022