'Unable to verify your data submission' how to troubleshoot?

Yii 2.0 General Discussions
1

I’m running a Yii2 (2.0.38) application on Microsoft Azure and seem to be getting a lot of :

[error][yii\web\HttpException:400] yii\web\BadRequestHttpException: Unable to verify your data submission. in D:\home\site\vendor\yiisoft\yii2\web\Controller.php:202
Stack trace:
#0 D:\home\site\vendor\mdmsoft\yii2-admin\controllers\UserController.php(51): yii\web\Controller->beforeAction(Object(yii\base\InlineAction))
#1 D:\home\site\vendor\yiisoft\yii2\base\Controller.php(178): mdm\admin\controllers\UserController->beforeAction(Object(yii\base\InlineAction))
#2 D:\home\site\vendor\yiisoft\yii2\base\Module.php(528): yii\base\Controller->runAction(‘login’, Array)
#3 D:\home\site\vendor\yiisoft\yii2\web\Application.php(103): yii\base\Module->runAction(‘admin/user/logi…’, Array)
#4 D:\home\site\vendor\yiisoft\yii2\base\Application.php(386): yii\web\Application->handleRequest(Object(yii\web\Request))
#5 D:\home\site\wwwroot\admin\index.php(17): yii\base\Application->run()
#6 {main}

errors. How can I go about troubleshooting this? Normally I find the culprit in the stack trace, but I’ll admit in this case, I don’t know what to do.

2

I have some problems with this and running on AWS.

My diagnosis is that this problem usually occurs to users who start to fill a form and let it unfinished opened for a long period of time (15min+) or some users with very slow internet.

I don’t think it is a Yii2-specific issue though, but don’t now how to tackle it and would be great to hear from others.

3

This is likely to do with CSRF Protection.

In order to prevent CSRF attacks all POST request must include a valid CSRF Token. if this token is not present or can not be verified, Yii will abort the request with the that error.

I don’t know exactly how long the tokens are valid but if users are waiting 15+ minutes before submitting a form, the most likely cause is expired tokens.

1 Like
4

There are many possible causes of this issue, such as:

  • session expired - normally after 20 minutes each PHP session expires, so any submitted CSRF token will be invalid
  • you have many tabs open in a browser for the same site/page - if you do one request in first tab, POST form submitted in a seconds tab will submit already invalid CSRF token
  • missing CSRF parameters in ajax request - these must be injected by you, it is not done automatically by framework unless you render ActiveForm - e.g. see solution here.

Your description is too vague to guess reason more precisely, just stack trace is not enough. Would be helpful to see some HTML/javascript which sends the request.

1 Like