XSRF Error when Logging Time through timesheet?

Issue #440 invalid
Former user created an issue

Hi

One of our users started experiencing an XSRF token error last week when logging time from the timesheet report. I've attached a screenshot of this error message to the case.

I tried submitting a support case to Atlassian, but this error is not appearing when the user tries logging time from the issue itself, only from the timesheet. If she does log work from the issue itself, that work does not show up on the timesheet for that day...

As per Atlassian support, I tried deleting cookies/cache multiple times, and her IE 10 options seem to be the same as mine and I am not experiencing the error. We tried with her account on another machine and we are not seeing the error. Any idea what it could be?

Not sure if this is actually a timesheet error or Atlassian but thought I would see what you think.

Note: we are on JIRA 5.2.10 and Timesheet Plugin 2.6.2

Thank you! Tudor

Comments (6)

  1. Andriy Zhdanov

    Hi Tudor,

    Well, I also can't know what's going on; I can only suggest that you and/or she compare the URL from the browser location bar, particularly the value of the atl_token parameter. Of course it will be different all the time; I just suspect that it may be incorrectly URL-encoded in her case. But it's hard to figure out. You can also paste hers (the invalid one) here, to let me inspect it too.

    Thank you.

  2. Former user Account Deleted

    Thanks Andriy. I've taken a look at the URLs on both my machine and hers and it looks like the atl_token parameter is the same for both of us.

    USER WITH XSRF ERROR: (just token) atl_token=BKRE-RAV8-R142-1FC7

    USER WITHOUT XSRF ERROR: (just token) atl_token=BKRE-RAV8-R142-1FC7

    USER WITH XSRF ERROR: http://server/secure/CreateWorklog.jspa?id=14959&startDate=31%2FOct%2F13+12%3A00+AM&atl_token=BKRE-RAV8-R142-1FC7|00e90daa1c9adad6398f535010a36307f80f9d80|lin&returnUrl=http%3A%2F%2Fbssi-vm-jira%3A8080%2Fsecure%2FDashboard.jspa

    USER WITHOUT XSRF ERROR: http://server/secure/CreateWorklog.jspa?id=15400&startDate=08%2FNov%2F13+8%3A49+AM&atl_token=BKRE-RAV8-R142-1FC7|239e55c48621b48f8f7d31ede6dfe58a50182a5f|lin&returnUrl=http%3A%2F%2Fbssi-vm-jira%3A8080%2Fsecure%2FDashboard.jspa

    Any other troubleshooting ideas?

    Thanks again, Tudor

  3. Andriy Zhdanov

    Hi Tudor,

    Well, could you please compare the atl_token in the Time Sheet gadget and the Assigned to Me gadget? I.e., in the Assigned to Me gadget there is a tools icon; you can right-click it and copy the link, and then click on the '+' sign in the Time Sheet gadget.

    Note, this atl_token is generated on every page, but it should be the same until you navigate from the page.

    Note, the atl_token includes the value between the pipes following the key code.

    If they are the same, does the error happen using anything from the tools menu of the Assigned to Me gadget?

    Thank you.
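
The comparison suggested in the comments, run over the two URLs pasted in comment 2 so that the whole atl_token is compared, including the value between the pipes. This is an added example, not part of the original thread; the function names are hypothetical and the double-encoding check is a heuristic assumption.

```python
from urllib.parse import urlsplit, parse_qs

# The two URLs exactly as pasted in comment 2 of this thread.
URL_WITH_ERROR = (
    "http://server/secure/CreateWorklog.jspa?id=14959"
    "&startDate=31%2FOct%2F13+12%3A00+AM"
    "&atl_token=BKRE-RAV8-R142-1FC7|00e90daa1c9adad6398f535010a36307f80f9d80|lin"
    "&returnUrl=http%3A%2F%2Fbssi-vm-jira%3A8080%2Fsecure%2FDashboard.jspa"
)
URL_WITHOUT_ERROR = (
    "http://server/secure/CreateWorklog.jspa?id=15400"
    "&startDate=08%2FNov%2F13+8%3A49+AM"
    "&atl_token=BKRE-RAV8-R142-1FC7|239e55c48621b48f8f7d31ede6dfe58a50182a5f|lin"
    "&returnUrl=http%3A%2F%2Fbssi-vm-jira%3A8080%2Fsecure%2FDashboard.jspa"
)


def token_parts(url):
    """Return the decoded atl_token of `url`, split on the pipe character."""
    values = parse_qs(urlsplit(url).query).get("atl_token", [])
    if len(values) != 1:
        raise ValueError(f"expected one atl_token parameter, found {len(values)}")
    return values[0].split("|")


def looks_double_encoded(url):
    """Heuristic (assumption): a '%XX' escape left after one decode pass
    suggests the token was URL-encoded twice, e.g. '%257C' for a pipe."""
    token = "|".join(token_parts(url))
    return any(esc in token.upper() for esc in ("%7C", "%25"))


def compare_tokens(url_a, url_b):
    """Compare whole tokens, not just the key code before the first pipe."""
    a, b = token_parts(url_a), token_parts(url_b)
    return {
        "same_key_code": a[0] == b[0],
        "full_match": a == b,
        "differing_parts": [i for i, (x, y) in enumerate(zip(a, b)) if x != y],
    }


if __name__ == "__main__":
    print(compare_tokens(URL_WITH_ERROR, URL_WITHOUT_ERROR))
    print(looks_double_encoded(URL_WITH_ERROR))
```

For the two pasted URLs the key code matches and only the value between the pipes differs. Since the token is generated on every page, the comparison is most useful on links copied from the same page, as comment 3 asks.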
