Common Causes
When a user receives this error, it indicates that a request arrived without the required security header, or with a header that did not match the initial page load. This typically happens for one of the following reasons:
Cached Login Pages (Most Common): The user is trying to log in using a cached version of the Spira login page from a previous browser session. This frequently happens if a user leaves a tab open on the login page, shuts down their computer, and then tries to log in immediately after restarting. The security cookie will have expired, resulting in a checksum mismatch.
Browser Resending Data: The user's browser attempts to re-send a POST call using outdated, cached data.
Privacy/Security Plugins: A browser extension (such as an ad-blocker, script-blocker, or strict privacy plugin) is actively filtering out or stripping the CSRF token from the browser's request headers.
Network Interference: The request was dropped, delayed, or interfered with between the client and the server (e.g., lost network packets, a very slow connection, or a man-in-the-middle network security monitor).
Multiple Spira Instances (Advanced): The user is attempting to access multiple different Spira instances hosted on the exact same domain, in the same browser, at the same time.
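The following sketch is an added illustration, not Spira's own code: it shows a generic session-bound anti-XSRF check and how each cause listed above surfaces as a distinct server-side failure. The key, lifetime, token layout and result labels are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key (assumption)
TOKEN_TTL = 20 * 60                   # assumed token lifetime in seconds


def _mac(session_id, issued):
    # Bind the token to one session and one issue time.
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Token embedded in the page at load time: '<issued-at>.<hmac>'."""
    issued = str(int(time.time() if now is None else now))
    return f"{issued}.{_mac(session_id, issued)}"


def check_request(session_id, header_token, now=None):
    """Classify a POST by its session cookie and anti-XSRF header."""
    now = time.time() if now is None else now
    if session_id is None:
        return "no-session-cookie"   # cookie expired, e.g. cached login page
    if not header_token:
        return "header-missing"      # header stripped by a plugin or proxy
    issued, _, mac = header_token.partition(".")
    if not (issued.isascii() and issued.isdigit()):
        return "header-malformed"
    expected = _mac(session_id, issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "mismatch"            # token from another session or instance
    if now - int(issued) > TOKEN_TTL:
        return "token-expired"       # page left open too long before submit
    return "ok"
```

Logging the returned label alongside the rejected request lets support staff tell a stale page apart from a stripped header without asking the user to reproduce the problem.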
Resolution
Because this error is usually caused by expired background session data, the fix is straightforward:
Refresh the Page: Simply reload your browser page and attempt to log in or submit the form again. This forces the browser to fetch a fresh, valid Anti-XSRF token.
Clear the Browser Cache: If refreshing the page does not work, clearing the browser's cache and cookies will flush out the expired session data and resolve the issue.
Disable Restrictive Plugins: If the error is persistent, check if any newly installed browser privacy plugins or script-blockers are stripping security headers from the Spira domain.
Avoid Multiple Sessions: Ensure you are not logged into the same application in multiple browser tabs or windows, which can cause token conflicts.
Check for Session Timeout: If you left a page open for a long time before submitting a form, your session may have expired. Refresh the page to generate a new valid token.
Upcoming System Fixes
To prevent the most common cause of this error (re-opening an expired login tab), Spira v9.0 introduces a backend update that prevents the login page from being cached by web browsers. This update aims to eliminate the vast majority of these caching-related token mismatches.