Page MenuHomePhabricator

Generate a new CSRF token if the old one is invalidated
Open, MediumPublic

Description

The bot may fail to because the current CSRF token is invalid. Then a new one should be generated.

(This is important with T139842: Restartable bot framework as CSRF token is not always persistent.)

Event Timeline

Isn't this the same as T78393? (or at least too similar)

Xqt triaged this task as Medium priority.Jul 30 2019, 5:56 PM

We should use action=checktoken for a token validation, but I'm not sure, where to put this check. It needs to check before every write/relogin action I think