Validation of Anti-XSRF token failed.

Document ID : KB000011844
Last Modified Date : 14/02/2018
Question:

When logging out of APM we sometimes get the following message: Validation of anti-XSRF token failed.

What does this mean and how do we prevent this from happening?

Environment:
CA Asset Portfolio Management 14.1.x
Answer:

This is expected behavior in the 14.x release.

In the 14.1 release, Cross-Site Request Forgery (CSRF) protection was implemented. The anti-XSRF token error occurs when the logged-in user's session has been invalidated.

This can occur:
• when a user posts information directly from an external/untrusted source
• when the user's session has been ended because another user logged in on the same machine with the same browser.

In both cases the security validation fails and the error message is shown; this is the intended outcome, not a defect.
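The following is an added illustration, not APM's own code, of how a session-bound anti-XSRF token behaves in the two situations above: a stale token from another tab after a second user logs in with the same browser, and a post that carries no token issued for the current session. The session store, the HMAC-derived token and the SERVER_KEY are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Server-side key used to derive tokens. Assumed for this example; a real
# deployment would load it from protected configuration, not generate it at import.
SERVER_KEY = secrets.token_bytes(32)


class SessionStore:
    """In-memory session table plus session-bound anti-XSRF tokens (constructed example)."""

    def __init__(self):
        self.sessions = {}  # session id -> username

    def login(self, browser, username):
        """Start a session for `browser` (a dict standing in for its cookie jar).

        Any session the browser already held is invalidated, which is what happens
        when a second user logs in on the same machine with the same browser.
        """
        self.sessions.pop(browser.get("sid"), None)
        sid = secrets.token_hex(16)
        self.sessions[sid] = username
        browser["sid"] = sid
        return sid

    def issue_token(self, sid):
        """Token embedded in forms served to a live session; bound to that session id."""
        if sid not in self.sessions:
            raise KeyError("no live session")
        return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

    def validate(self, browser, token):
        """Return None if `token` is valid for the browser's current session, else the reason."""
        sid = browser.get("sid")
        if sid not in self.sessions:
            return "session invalidated"
        expected = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
        if not token or not hmac.compare_digest(expected, token):
            return "token not issued for this session"
        return None

    def logout(self, browser, token):
        """Protected logout: the POST must carry a token valid for the current session."""
        reason = self.validate(browser, token)
        if reason is not None:
            return "Validation of Anti-XSRF token failed: " + reason
        del self.sessions[browser.pop("sid")]
        return "logged out"
```

A logout button left open in a first user's tab posts the first user's token together with the second user's session cookie, so validation fails exactly as the KB describes.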

Additional Information:

CSRF is a significant security concern, which is why this protection was implemented.
The following URL has a good explanation of CSRF:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)