
"419 Page Expired" when user is inactive on the login page then tries to log in with Single Sign On mode configured

Open nurradityam opened this issue 1 year ago • 2 comments

Describe the Bug

I just noticed the login page, when configured with Single Sign On, did not automatically refresh, so if a user logged out or is inactive on the login page for a long time and then tries to log in, it shows a 419 Page Expired error. The current workaround is refreshing the page.

Steps to Reproduce

  1. BookStack configured in SSO mode
  2. Go to the BookStack login page and leave the page inactive for a few hours
  3. Try to log in
  4. It shows 419 Page Expired

Expected Behaviour

After clicking login, it should redirect to the SSO login page.

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

v24.02.2

nurradityam avatar May 01 '24 04:05 nurradityam

Hi @nurradityam, This is by design really and applies to all forms within BookStack.

ssddanbrown avatar May 01 '24 09:05 ssddanbrown

@ssddanbrown Can you clarify how CSRF tokens are reissued on session timeout, creation & end?

For example—say there are two tabs of bookstack open at the login page. A user can use one page to log into the app, do their thing and then close that tab. Come back in a few minutes to the previously open login tab, attempt a login and they'll receive a 419. Is there any keep-alive support for bookstack-issued CSRF tokens?

mswinehart avatar May 06 '24 14:05 mswinehart
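
The failure reported in this issue, modelled as an added example that is not part of the thread and is not BookStack or Laravel code: the login form carries a CSRF token stored in the server-side session, so a form left open past the session lifetime submits a token the server no longer holds and gets a 419, while a reload picks up a fresh one. The 120-minute lifetime and every name below are assumptions made for illustration.

```python
import hmac
import secrets

SESSION_LIFETIME = 120 * 60  # seconds; assumed value, not taken from the page


class SessionStore:
    """Server-side sessions, each holding the CSRF token issued for it."""

    def __init__(self):
        self._sessions = {}  # session id -> (csrf token, last-seen time)

    def _start(self, now):
        sid, token = secrets.token_hex(16), secrets.token_hex(20)
        self._sessions[sid] = (token, now)
        return sid, token

    def _load(self, sid, now):
        """Return (sid, token) for a live session, else start a fresh one."""
        entry = self._sessions.get(sid)
        if entry is None or now - entry[1] > SESSION_LIFETIME:
            self._sessions.pop(sid, None)  # expired sessions are discarded
            return self._start(now)
        self._sessions[sid] = (entry[0], now)  # activity extends the session
        return sid, entry[0]

    def get_login_page(self, cookie, now):
        """GET /login: returns the session cookie and the token in the form."""
        return self._load(cookie, now)

    def post_login(self, cookie, form_token, now):
        """POST /login: 419 when the form token is not the session's token."""
        _, expected = self._load(cookie, now)
        if not hmac.compare_digest(expected, form_token):
            return 419  # "Page Expired"
        return 302  # request accepted, continue to the identity provider


def idle_then_submit(idle_seconds, refresh_first=False):
    """Open the login page at t=0, wait, then submit the form."""
    store = SessionStore()
    cookie, token = store.get_login_page(None, now=0)
    if refresh_first:  # the workaround from the report: reload before login
        cookie, token = store.get_login_page(cookie, now=idle_seconds)
    return store.post_login(cookie, token, now=idle_seconds)
```

Rejecting the stale token is the CSRF check working as intended: the server cannot tell an expired form from a forged request, which is why the reload is needed to obtain a token bound to a live session.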