"BAD CSRF" error when trying to log in to this forum



I keep on getting the error message “BAD CSRF” when trying to log in to this forum. See picture:

I then have to go through a “Forgot password” => email => new password cycle in order to get myself logged in.
Having to choose a new password every single time just to log in is a bit tiresome…

Is there anything that can be done about this?


Matt :slight_smile:


That’s very odd. I checked the settings and your username shows up without any flags or issues. Is a firewall somehow interfering with your experience logging in?


Hi Jen, thanks for responding :slight_smile:

I’m trying from home, so no corporate firewalls or anything. I am using Windows 10, everything up to date, with ZoneAlarm free firewall.

Let me disable it, see if I can log in…


Nope, disabling firewall does not solve the problem :confused:


Also using Firefox instead of Chrome doesn’t change anything:


Does the forum software have strange password restrictions?
I use a password manager to generate long random passwords, could this be a problem (although that would be very strange and bad if it were…)?


I also checked whether my VPN software that I habitually use could be the problem, but disabling that also doesn’t solve the issue…


And connecting my VPN to a USA server also doesn’t help (I’m in Europe).


Could you create a new account with a basic password (don’t use the password manager) - see if you can log out, log in? I feel that the password manager may be jacking up the system.


Okay, gimme a sec…


Account created, email verified, automatically logged in.
I’m now going to log out & log in…


This works… I can log out and in again.

How can a password manager make a difference here? Isn’t all it does fill in the email and password fields?



I’m not sure, unless the password manager is bumping up against our forwarding (this forum used to be forum.nativescript.org and then to get it behind https we switched to discourse.nativescript.org)…long story short, welcome! and welcome back! I like your username.



It’s weird: I’m looking at the headers, and it seems (although I’m no networking expert) that when I log in without the password manager, successfully, then it was a GET request (status code 200, success). But when I use the password manager, and it fails, then it is a POST request (status code 403, which means forbidden)…

I mean, what?!?!?


Something is definitely weird.
Even when I don’t use the password manager, I now sometimes cannot log in for some reason.
Am I the only one having problems?

People here had/have similar problems, with the same forum software:



If this ever happens with a user: it’s possibly the speed with which the Login button is automatically “clicked” by LastPass, see above.

Disabling AutoLogin in LastPass solves the issue.