What should I do about repeat errors: Preventing auto-resubmit for user after reaching max count

Donna12
Tera Guru

Hello,

Repeat Errors in Log - Preventing auto-resubmit for user after reaching max count following High Security Plug-in installed.

Preventing auto-resubmit for user: <userid> after reaching max count for CSRF token mis-matches!: no thrown error - com.glide.ui.ServletErrorListener

I do not understand what I need to do; ServiceNow did not give me advice. Do you have any recommendations?

My questions are here:

  • Is this impacting the users in its current status? If so, what does that look like to the user? Are they getting error messages, slow response or other?
  • With it being set to false, why would there be error messages in the logs?
  • Does this need to be turned on? If so, how will this impact the users?

Please note I am not a developer.

SERVICENOW RESPONSE
A careful review of the application node logs finds hundreds, or thousands, of the following errors.

App-Log: Found error for user <userid>
less localhost_log.2022-01-17.txt | sesh 27EE316A1B854910CB50CBBE034BCB22 | grep txid=56e246e21bc5

 2022-01-17 08:42:37 (709) Default-thread-2 27EE316A1B854910CB50CBBE034BCB22 txid=56e246e21bc5 #313598 /xmlhttp.do Parameters -------------------------
 2022-01-17 08:42:37 (710) Default-thread-2 27EE316A1B854910CB50CBBE034BCB22 txid=56e246e21bc5 *** Start  #313598 /xmlhttp.do, user: <userid>
 2022-01-17 08:42:37 (710) Default-thread-2 27EE316A1B854910CB50CBBE034BCB22 txid=56e246e21bc5 SEVERE *** ERROR *** Preventing auto-resubmit for user:<userid> after reaching max count for CSRF token mis-matches!
 2022-01-17 08:42:37 (711) Default-thread-2 27EE316A1B854910CB50CBBE034BCB22 txid=56e246e21bc5 tx_pattern_hash=-2005944411 *** End  #313598 /xmlhttp.do, user: <userid>, total time: 0:00:00.017, processing time: 0:00:00.009, total wait: 0:00:00.008, session wait: 0:00:00.008, SQL time: 0:00:00.001 (count: 3), source: 70.31.114.130

Note: The above CSRF (Cross-Site Request Forgery) token mismatch ERRORS could be impacted by the following system properties:

glide.security.csrf.strict.validation.mode
glide.csrf.token.fail.count
glide.security.auto.resubmit.ajax.max.attempts

The only one I found in your instance was glide.security.csrf.strict.validation.mode and it's set to the default value of false.

Docs:

https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/concept/c_H...

https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/c...



Thanks,

John
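
Added example (not part of the original post or of ServiceNow's response): a small Python triage script that groups the "Preventing auto-resubmit" errors by user, session, endpoint and source address, so you can see whether they concentrate in a few sessions or endpoints. It assumes node log lines follow the layout of the excerpt above; the function name `csrf_mismatches` and every value in the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt above; users, session ids,
# txids and source addresses are made up (documentation IP ranges).
S1, S2 = "0A1B2C3D4E5F60718293A4B5C6D7E8F9", "F9E8D7C6B5A493827160F5E4D3C2B1A0"
ERR_MSG = "SEVERE *** ERROR *** Preventing auto-resubmit for user:{} after reaching max count for CSRF token mis-matches!"
SAMPLE_LOG = "\n".join([
    f"2022-01-17 08:42:37 (710) Default-thread-2 {S1} txid=aaa000000001 " + ERR_MSG.format("alice"),
    f"2022-01-17 08:42:37 (711) Default-thread-2 {S1} txid=aaa000000001 tx_pattern_hash=-1 *** End  #101 /xmlhttp.do, user: alice, total time: 0:00:00.017, source: 192.0.2.10",
    f"2022-01-17 08:42:39 (120) Default-thread-4 {S1} txid=aaa000000002 " + ERR_MSG.format("alice"),
    f"2022-01-17 08:42:39 (121) Default-thread-4 {S1} txid=aaa000000002 tx_pattern_hash=-1 *** End  #102 /xmlhttp.do, user: alice, total time: 0:00:00.015, source: 192.0.2.10",
    f"2022-01-17 08:43:02 (300) Default-thread-1 {S2} txid=bbb000000001 *** Start  #103 /home.do, user: bob",
    f"2022-01-17 08:43:02 (340) Default-thread-1 {S2} txid=bbb000000001 tx_pattern_hash=7 *** End  #103 /home.do, user: bob, total time: 0:00:00.040, source: 198.51.100.7",
    f"2022-01-17 08:44:10 (015) Default-thread-3 {S2} txid=bbb000000002 " + ERR_MSG.format("bob"),  # End line missing
])

# date, time, (ms), thread, 32-hex session id, txid, then the message
PREFIX_RE = re.compile(r"^\s*\S+ \S+ \(\d+\) \S+ (?P<session>[0-9A-F]{32}) txid=(?P<txid>\w+) (?P<rest>.*)$")
ERROR_RE = re.compile(r"Preventing auto-resubmit for user:\s*(?P<user>\S+) after reaching max count for CSRF token mis-matches!")
END_RE = re.compile(r"\*\*\* End\s+#\d+ (?P<path>[^,\s]+), user: .*source: (?P<source>\S+)")

def csrf_mismatches(log_text):
    """Count CSRF max-count errors per (user, session, path, source)."""
    flagged = {}        # txid -> (user, session) for transactions that logged the error
    counts = Counter()
    for line in log_text.splitlines():
        m = PREFIX_RE.match(line)
        if not m:
            continue    # not a transaction log line
        err = ERROR_RE.search(m["rest"])
        if err:
            flagged[m["txid"]] = (err["user"], m["session"])
            continue
        end = END_RE.search(m["rest"])
        if end and m["txid"] in flagged:
            # The End line of the same txid carries the endpoint and the source address
            user, session = flagged.pop(m["txid"])
            counts[(user, session, end["path"], end["source"])] += 1
    for user, session in flagged.values():
        counts[(user, session, "?", "?")] += 1  # error seen, End line not in the input
    return counts

if __name__ == "__main__":
    for key, n in csrf_mismatches(SAMPLE_LOG).most_common():
        print(n, *key)
```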

1 REPLY

Saurav11
Kilo Patron

Hello,

Please find the thread below; it has got the answer:

https://community.servicenow.com/community?id=community_question&sys_id=06d54b21db1cdbc01dcaf3231f9619f3

Please mark the answer correct/helpful based on impact.