CSRF + Cache

Occasionally, my customers get an "Access denied: Possible CSRF attack" error when trying to add items to the cart. If I clear the CS-Cart cache and restart Varnish/Apache, the error goes away. Any idea what might cause this? And how often does CS-Cart automatically clear its own cache (if ever)?

Shouldn't be cache related....

CS-Cart clears the cache when addon settings are changed (or addons installed) and/or for a variety of other reasons. Note that the cache is updated on changes to products, categories, language variables, etc. But updating the cache with new info is not the same as clearing.

Generally you never want to clear a properly constructed cache. And a cache should have an obsolescence time, which CS-Cart doesn't use (maybe in 4.3.3 - not sure).

Reminder that there are several caches within CS-Cart and that the ?cc method only clears the registry cache, not the template cache nor the static cache where CSS/JS code is stored.

Try to open the config.local.php file and change the value of the anti_csrf option to false:

'anti_csrf' => true, // protect forms from CSRF attacks

Reminder that there are several caches within CS-Cart and that the ?cc method only clears the registry cache, not the template cache nor the static cache where CSS/JS code is stored.

I was actually issuing an rm -rf var/cache/* command vs. using the admin.

Try to open the config.local.php file and change the value of the anti_csrf option to false:

'anti_csrf' => true, // protect forms from CSRF attacks

I want to keep that security feature enabled - I just want it to work without issues.

I want to keep that security feature enabled - I just want it to work without issues.

I understand. Just want to make sure that the issue is related to this setting.

Did you ever solve this issue?

I get the exact same issue, but only on the Chrome Android client. On desktop and in other mobile browsers it works great.

If anyone can solve this issue for me, I will be happy to pay.

Why don't you forward this to the bug tracker for inspection?

https://forum.cs-cart.com/tracker/