The client is not authorized. Request failed with status code 419. Removing token and session.

0
Everything was working fine until I added a signout button. I am using demo users. Please assist me to solve this issue.

All this does not solve it: Stop running the app. Reopen Mendix Studio Pro 9.24.0. Restart my device.

Log node: Killing old session for user UserRoleName because new session is created.
asked
4 answers
0

You could try increasing the log level for the Client_Auth log node. I recently created a ticket for this one because I had never seen these errors before. On my side I could not reproduce those log errors and encountered them only once. According to support, code 419 means that the session has expired. By raising the log level you might be able to get more info.

Regards,

Ronald

 

answered
0

I had the same issue with a restored local database and we had to delete ApplicationRootUrl in settings.

answered
0

Hello

I have the same issue, but only in Chrome, whereas in Firefox it works.

I'm debugging the network calls, and I see that the second POST to /xas returns 401 to Chrome and 200 to Firefox. The only difference I see is the cookies. With Chrome, there are very few cookies compared to Firefox. As an example, XAS_SESSIONID is not set in Chrome...

I'm still debugging...

answered
0

I finally managed to solve it and I am sharing my solution.

The problem comes from the fact that the Mendix Runtime returns this response header to the first POST /xas request, which generates the user session:

Set-Cookie: __Host-XASSESSIONID=4e096fdc-56fa-42b4-8e37-e6c9b807c783; Path=/; Secure; HttpOnly; SameSite=Strict


It is accepted by Firefox but not by Chrome because of the security rules (https://www.ietf.org/archive/id/draft-west-cookie-prefixes-05.txt) that don't accept cookies with the prefix __Host on an HTTP connection.


So the solution was to tell Mendix that it runs over HTTP by setting this environment variable:

MXRUNTIME_ApplicationRootUrl=http://localhost:8080

That explains why the behaviour is different when you run the app in Mendix Studio (it uses HTTP), and in a Docker image with the MXRUNTIME_ApplicationRootUrl variable.

answered
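The cookie-prefix rules cited in the last answer, written out as a check you can run against a captured Set-Cookie header. This is an added example, not part of the original thread and not Mendix code. The function names are hypothetical, the request URLs are constructed samples, and it assumes only https: counts as a secure scheme (each user agent decides that for itself).

```javascript
// Added example: evaluates a Set-Cookie header against the __Host- / __Secure-
// prefix rules from draft-west-cookie-prefixes. Covers the prefix rules only.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts[0] || "";
  const eq = first.indexOf("=");
  const name = eq === -1 ? "" : first.slice(0, eq);
  const attrs = new Map(); // attribute names are case-insensitive
  for (const part of parts.slice(1)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

function checkCookiePrefix(header, requestUrl) {
  const { name, attrs } = parseSetCookie(header);
  // Assumption: https: is the only secure scheme in this sketch.
  const secureScheme = new URL(requestUrl).protocol === "https:";
  const reasons = [];
  const isHost = name.startsWith("__Host-"); // prefix match is case-sensitive
  const isSecure = name.startsWith("__Secure-");
  if (isHost || isSecure) {
    if (!attrs.has("secure")) reasons.push("missing Secure attribute");
    if (!secureScheme) reasons.push("not set over a secure scheme");
  }
  if (isHost) {
    if (attrs.has("domain")) reasons.push("Domain attribute not allowed");
    if (attrs.get("path") !== "/") reasons.push("Path must be /");
  }
  return { name, accepted: reasons.length === 0, reasons };
}

// Header value as quoted in the answer above; the URLs are constructed.
const header = "__Host-XASSESSIONID=4e096fdc-56fa-42b4-8e37-e6c9b807c783; " +
  "Path=/; Secure; HttpOnly; SameSite=Strict";
for (const url of ["http://localhost:8080/xas/", "https://localhost:8443/xas/"]) {
  const r = checkCookiePrefix(header, url);
  console.log(url, r.accepted ? "accepted" : "rejected: " + r.reasons.join(", "));
}
```

Running the same check over every Set-Cookie header in a HAR export shows which session cookies depend on the deployment being served over HTTPS.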