You could try increasing the log level for the Client_Auth log node. I recently created a ticket for this one because I had never seen these errors before. On my side I could not reproduce those log errors and encountered it only once. According to support, Code 419 means that the session has expired. By raising the log node you might be able to get more info.
Regards,
Ronald
I had the same issue with a restored local database and we had to delete ApplicationRootUrl in settings.
Hello
I have the same issue, but only in Chrome, whereas in Firefox it works.
I'm debugging the network calls, and I see that the second POST to /xas returns 401 to Chrome and 200 to Firefox. The only differences I see are the cookies. With Chrome, there are very few cookies compared to Firefox. As an example, XAS_SESSIONID is not set in Chrome...
I'm still debugging...
I finally managed to solve it and I am sharing my solution.
The problem comes from the fact that Mendix Runtime returns this response header to the first request POST /xas that generates the user session:
Set-Cookie
__Host-XASSESSIONID=4e096fdc-56fa-42b4-8e37-e6c9b807c783; Path=/; Secure; HttpOnly; SameSite=Strict
It is accepted by Firefox but not by Chrome because of the security rules (https://www.ietf.org/archive/id/draft-west-cookie-prefixes-05.txt) that don't accept cookies with the __Host prefix on an http connection.
So the solution was to tell Mendix that it runs in http by setting this environment variable:
MXRUNTIME_ApplicationRootUrl=http://localhost:8080
That explains why the behaviour is different when you run the app in the Mendix studio (it uses http), and in a Docker image with the MXRUNTIME_ApplicationRootUrl variable.
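The prefix rules from the draft cited in the last post, as an added example that is not part of the thread or of Mendix's code: it checks a Set-Cookie header against the `__Host-` and `__Secure-` requirements for a given request URL. The function names and the `app.example.test` host are hypothetical, and the sketch treats only `https:` as a secure origin, whereas browsers differ on this point (as the Chrome and Firefox results in the thread show).

```javascript
// Added example: diagnose why a prefixed cookie would be dropped.
// Assumption: an origin is "secure" only when the scheme is https.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

function checkCookiePrefix(header, requestUrl) {
  const cookie = parseSetCookie(header);
  const secureOrigin = new URL(requestUrl).protocol === "https:";
  const isHost = cookie.name.startsWith("__Host-");
  const isSecure = cookie.name.startsWith("__Secure-");
  const problems = [];
  if (isHost || isSecure) {
    if (!cookie.attrs.secure) problems.push("missing Secure attribute");
    if (!secureOrigin) problems.push("set over a non-secure origin");
  }
  if (isHost) {
    if (cookie.attrs.path !== "/") problems.push("Path must be /");
    if ("domain" in cookie.attrs) problems.push("Domain attribute not allowed");
  }
  return { name: cookie.name, accepted: problems.length === 0, problems };
}

// Header quoted in the thread, checked against an http and an https root URL.
const threadHeader =
  "__Host-XASSESSIONID=4e096fdc-56fa-42b4-8e37-e6c9b807c783; Path=/; Secure; HttpOnly; SameSite=Strict";
console.log(checkCookiePrefix(threadHeader, "http://localhost:8080/xas"));
console.log(checkCookiePrefix(threadHeader, "https://app.example.test/xas"));
```
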