CodexBloom - Programming Q&A Platform

Spring Security: How to Handle 'Invalid CSRF Token' Errors During Authentication

👀 Views: 80 💬 Answers: 1 📅 Created: 2025-08-25
spring-boot spring-security csrf Java

I'm performance testing and learning this framework. After trying multiple solutions online, I still can't figure this out, and I'm not sure how to approach it.

Hey everyone, I'm running into an issue that's driving me crazy. I'm using Spring Boot 2.5 with Spring Security for handling user authentication, and I've encountered a frustrating scenario with CSRF protection. After logging in, when I try to access secured endpoints, I occasionally receive an 'Invalid CSRF Token' error, which prevents the request from completing successfully. I've verified that the CSRF token is being included in my requests, but it seems like it sometimes doesn't match what the server expects.

Here is the relevant part of my security configuration:

```java
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Enclosing class assumed (the post only shows the configure() override)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Token is stored in the XSRF-TOKEN cookie (readable by JS);
            // the repository expects it back in the X-XSRF-TOKEN header by default
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .authorizeRequests()
                .antMatchers("/login", "/public/**").permitAll()
                .anyRequest().authenticated()
            .and()
            .formLogin();
    }
}
```

On the client side, I'm using Axios to make the requests, and I include the CSRF token from the cookies:

```javascript
// Header name must match the repository's configured header name;
// CookieCsrfTokenRepository defaults to X-XSRF-TOKEN, not X-CSRF-TOKEN
axios.defaults.headers.common['X-XSRF-TOKEN'] = getCookie('XSRF-TOKEN'); // Helper function to get the CSRF token from cookies
```

The scenario seems to occur mostly after a period of inactivity. I suspect that the CSRF token might be expiring, but I need to find any documentation on how to handle this gracefully. I tried refreshing the token by making a new GET request to the API to get a fresh token before making a POST request, but this hasn't solved the question. Additionally, I checked the application logs and noticed intermittent warnings about CSRF tokens not being found or being expired.

Is there a recommended practice to manage CSRF tokens in a Spring Security context, particularly regarding session expiration and re-authentication? Any insights or suggestions would be greatly appreciated!
Thanks in advance! What's the correct way to implement this? How would you solve this? Is there a better approach? Any ideas how to fix this? For context: I'm using Java on Windows 11. Is this even possible?
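As an added example (not part of the original post or the poster's code), the client-side pattern of reading the XSRF-TOKEN cookie at request time instead of copying it into `axios.defaults` once at page load: Spring Security's CsrfAuthenticationStrategy issues a new token after authentication, and CookieCsrfTokenRepository sets a fresh cookie whenever it finds none, so a header value captured at startup goes stale. It assumes the repository's default cookie and header names; `installCsrfInterceptors`, its `client` and `getCookies` parameters and the `_csrfRetried` flag are hypothetical names chosen here.

```javascript
// CookieCsrfTokenRepository defaults (assumed, since the config above does not override them)
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'X-XSRF-TOKEN';
// Methods CsrfFilter does not check; no header is needed for them
const SAFE_METHODS = new Set(['get', 'head', 'options', 'trace']);

// Parse one cookie value out of a document.cookie-style string (URL-decoded).
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Headers to add for one request: the CSRF header only on state-changing methods,
// read from the cookie jar *now*, not from a value cached at page load.
function csrfHeaders(method, cookieString) {
  if (SAFE_METHODS.has(method.toLowerCase())) return {};
  const token = readCookie(cookieString, CSRF_COOKIE);
  return token ? { [CSRF_HEADER]: token } : {};
}

// Install on an axios instance. `client` is duck-typed (interceptors.request/response, request())
// so this file also runs without axios; in the browser call it as
// installCsrfInterceptors(axios, () => document.cookie).
function installCsrfInterceptors(client, getCookies) {
  client.interceptors.request.use((config) => {
    config.headers = config.headers || {};
    Object.assign(config.headers, csrfHeaders(config.method || 'get', getCookies()));
    return config;
  });
  // CsrfFilter answers a bad token with 403. Retry once, but only when the cookie has
  // actually changed since the request was sent (a stale header), so an ordinary
  // authorization failure is never blindly replayed.
  client.interceptors.response.use(undefined, (error) => {
    const { config, response } = error;
    if (!config || !response || response.status !== 403 || config._csrfRetried) {
      return Promise.reject(error);
    }
    const tokenSent = config.headers && config.headers[CSRF_HEADER];
    if (readCookie(getCookies(), CSRF_COOKIE) === tokenSent) return Promise.reject(error);
    config._csrfRetried = true;
    return client.request(config); // request interceptor attaches the current cookie value
  });
}
```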