
How can I set the expiry time of the CSRF token in a CakePHP 3.7 form? When I leave a login form open for a long time and then submit it, it throws a black-hole request error. How can I overcome this issue?

[Cake\Controller\Exception\AuthSecurityException] The request has been black-holed
Request
_method=POST&_csrfToken=b61efb3fa9955154dbf38619ff06484e4a45ed35ce6019fd808e0b49c417da7720eb556456341a77a74465160787c0d5561263416bac3f585330d165493681e5&email_address=brittany%40rootrez.com&redirect=%2Fadmin%2Fproperty%2F&_Token%5Bfields%5D=406d43c1169b502cadd7e41e2ec0973335d316e1%253Aredirect&_Token%5Bunlocked%5D=g-recaptcha-response
Response
[Cake\Controller\Exception\AuthSecurityException] The request has been black-holed
#0 /var/www/rootrez/vendor/cakephp/cakephp/src/Controller/Component/SecurityComponent.php(124): Cake\Controller\Component\SecurityComponent->_validatePost(Object(Admin\Controller\AuthController))
#1 /var/www/rootrez/vendor/cakephp/cakephp/src/Event/EventManager.php(353): Cake\Controller\Component\SecurityComponent->startup(Object(Cake\Event\Event))
#2 /var/www/rootrez/vendor/cakephp/cakephp/src/Event/EventManager.php(330): Cake\Event\EventManager->_callListener(Array, Object(Cake\Event\Event))
#3 /var/www/rootrez/vendor/cakephp/cakephp/src/Event/EventDispatcherTrait.php(114): Cake\Event\EventManager->dispatch(Object(Cake\Event\Event))
#4 /var/www/rootrez/vendor/cakephp/cakephp/src/Controller/Controller.php(681): Cake\Controller\Controller->dispatchEvent('Controller.star...')
#5 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/ActionDispatcher.php(115): Cake\Controller\Controller->startupProcess()
#6 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/ActionDispatcher.php(94): Cake\Http\ActionDispatcher->_invoke(Object(Admin\Controller\AuthController))
#7 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/BaseApplication.php(235): Cake\Http\ActionDispatcher->dispatch(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#8 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cake\Http\BaseApplication->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#9 /var/www/rootrez/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php(162): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#10 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cake\Routing\Middleware\RoutingMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#11 /var/www/rootrez/vendor/dereuromark/cakephp-setup/src/Middleware/MaintenanceMiddleware.php(47): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#12 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/Runner.php(65): Setup\Middleware\MaintenanceMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#13 /var/www/rootrez/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php(88): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#14 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cake\Routing\Middleware\AssetMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#15 /var/www/rootrez/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(96): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#16 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cake\Error\Middleware\ErrorHandlerMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#17 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/Runner.php(51): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#18 /var/www/rootrez/vendor/cakephp/cakephp/src/Http/Server.php(98): Cake\Http\Runner->run(Object(Cake\Http\MiddlewareQueue), Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#19 /var/www/rootrez/webroot/index.php(40): Cake\Http\Server->run()
#20 {main}
Request URL: /admin/login
  • Whenever receiving errors, please always post **the _complete_ error**, that is, **including the _full_ stacktrace** (ideally copied from the log files where it is available in a properly readable fashion)! A screenshot of the error page with debug mode enabled is helpful too, as it may provide additional information that can help solve the problem. That being said, CSRF tokens by default do not expire until the browser session is terminated. "Black hole" exceptions are triggered by the security component, which isn't dealing with CSRF tokens. – ndm Jun 28 '19 at 09:55
  • @ndm Thanks for your reply. Updated the post with the complete error. – suneeth shihab Jul 01 '19 at 10:02
  • As you can see from the stacktrace, it's the security component that throws that error. Enable debug mode for possibly more information on the problem. Also if you are waiting too long, then maybe the session has timed out / renewed (the security token is session id bound). – ndm Jul 01 '19 at 10:43
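
The session binding mentioned in the last comment, as an added example that is not part of the original thread and is not CakePHP's own code: a simplified PHP model of a form token whose HMAC covers the session id, so a form rendered under one session fails validation once the session has been renewed. The salt, session ids and function names are constructed for illustration.

```php
<?php
// Simplified model of a session-bound form token (illustration only, not CakePHP source).
// APP_SALT, the session ids and both helper functions are constructed for this example.

const APP_SALT = 'constructed-example-salt';

/** Build the hidden "fields" token: HMAC over URL, field names, unlocked names and session id. */
function buildFormToken(string $url, array $fields, array $locked, string $unlocked, string $sessionId): string
{
    sort($fields);
    $mac = hash_hmac('sha1', $url . serialize($fields) . $unlocked . $sessionId, APP_SALT);
    // Same shape as the _Token[fields] value in the request above: "<mac>:<locked fields>".
    return $mac . ':' . implode('|', $locked);
}

/** Recompute the HMAC with the session id the server sees now and compare in constant time. */
function validateFormToken(string $token, string $url, array $posted, string $unlocked, string $sessionId): bool
{
    [$mac] = explode(':', $token, 2);
    sort($posted);
    $expected = hash_hmac('sha1', $url . serialize($posted) . $unlocked . $sessionId, APP_SALT);
    return hash_equals($expected, $mac);
}

$url      = '/admin/login';
$fields   = ['email_address', 'redirect'];
$unlocked = 'g-recaptcha-response';

// The login form is rendered while session "sess-A" is active.
$token = buildFormToken($url, $fields, ['redirect'], $unlocked, 'sess-A');

// Case 1: submitted promptly under the same session id, so the token verifies.
var_dump(validateFormToken($token, $url, $fields, $unlocked, 'sess-A'));

// Case 2: submitted after the session timed out and a new id was issued. The MAC no
// longer matches; this is the stale-form condition that ends in a black-holed request.
var_dump(validateFormToken($token, $url, $fields, $unlocked, 'sess-B'));

// Case 3: same session, but a field was added client-side. Tampering is rejected as well,
// which is why the failure cannot simply be ignored when the session id has changed.
var_dump(validateFormToken($token, $url, array_merge($fields, ['is_admin']), $unlocked, 'sess-A'));
```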

0 Answers