[Fixed] HttpAntiForgeryException: The provided anti-forgery token was meant for user “”, but the current user is “userName”.

In this article, I am going to explain how to do we can fix HttpAntiForgeryException. I was working on asp.net MVC project and it was the exception occurring most of the time on the production server. I got many exception messages from the rollbar.

I did google research and found some methods like it may be due to someone double click the login button. I tried to disable the login button once clicked but didn’t help me out.

Then I did more research and found other ways but nothing work. At the last, I got a very simple solution which I’m going to share with you guys.

Why It happen?

It happens when user login with valid credentials and once logged in and re-directed to another page. After that, he presses the browser back button will show the login page again. He entered the valid credentials again that time this exception will occur

HttpAntiForgeryException: The provided anti-forgery token was meant for user “”, but the current user is “userName”.

How to Fix it?

Please add [OutputCache(NoStore=true, Duration = 0, VaryByParam= “None”)] this line to your login get method. It will work like charm or see below working method.

 [AllowAnonymous]
 [HttpGet]
 [OutputCache(NoStore=true, Duration = 0, VaryByParam= "None")]
 public ActionResult Login(string returnUrl)
 {
   ViewBag.ReturnUrl = returnUrl;
   return View();
 }

Once you fixed it, you can try above scenario again to test it will work now.

Don’t forget to comment and share this article.

Posted by | View Post | View Group