Login returns 422 error

After recently upgrading GitLab to version 10.1.10, I am unable to login, being provided with “422 -The change you requested was rejected.”. So I upgraded to 10.1.13, hoping it was merely a bug, however I still am presented with the same issue.

I have spent a lot of time trawling google and the forum to find a reason as to why I may be having this issue, however the majority of what I’m finding seems to be related to an LDAP issue from 3 months ago, for which my version should be patched - although I do not have LDAP enabled anyway.

When I investigate in production.log, I am presented with the following:

Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"", "authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"shanept", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 41ms (ActiveRecord: 4.2ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken)
  lib/gitlab/middleware/multipart.rb:93:in 'call'
  lib/gitlab/request_profiler/middleware.rb:14:in 'call'
  lib/gitlab/middleware/go.rb:17:in 'call'
  lib/gitlab/etag_caching/middleware.rb:11:in 'call'
  lib/gitlab/middlware/read_only.rb:30:in 'call'
  lib/gitlab/request_context.rb:18:in 'call'
  lib/gitlab/metrics/requests_rack_middleware.rb:27:in 'call'

Env info:

System information
Current User:	git
Using RVM:	no
Ruby Version:	2.3.5p376
Gem Version:	2.6.13
Bundler Version:1.13.7
Rake Version:	12.1.0
Redis Version:	3.2.5
Git Version:	2.13.6
Sidekiq Version:5.0.4
Go Version:	unknown

GitLab information
Version:	10.1.3
Revision:	e6142bc
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	postgresql
URL:		http://gitsvr
HTTP Clone URL:	http://gitsvr/some-group/some-project.git
SSH Clone URL:	git@gitsvr:some-group/some-project.git
Using LDAP:	no
Using Omniauth:	no

GitLab Shell
Version:	5.9.3
Repository storage paths:
- default: 	/var/opt/gitlab/git-data/repositories
Hooks:		/opt/gitlab/embedded/service/gitlab-shell/hooks
Git:		/opt/gitlab/embedded/bin/git

I absolutely can not log in, and don’t believe there to be a way to roll back to an earlier version, as the only recent backups I have are from 10.1.10 and 10.1.13.

@shanept Can you share more information about your environment? Are you running with the bundled nginx server or have you configured an external web server?

Which version were you running prior to the 10.1.x upgrade?

I am using the inbuilt nginx, so there’s nothing proxyish going on if that’s your thought.

I’m not sure the exact version it was… 8 something. I’m thinking 8.13.x, off the top of my head

@shanept Can you try a GitLab check?

sudo gitlab-rake gitlab:check

Yeah I’ve already looked there, no luck unfortunately.

Checking GitLab Shell ...

GitLab Shell version >= 5.9.3 ? ... OK (5.9.3)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:root, or git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ... 
Shane Thompson / server-stats ... ok
Shane Thompson / switch-manager ... ok
Shane Thompson / perth-config-files ... ok
Shane Thompson / melbourne-config-files ... ok
framework / core ... ok
framework / http ... ok
framework / routing ... ok
framework / support ... ok
framework / middleware ... ok
framework / foundation ... ok
Shane Thompson / custom-startup-scripts ... ok
framework / view ... ok
framework / container ... ok
Shane Thompson / web-uploader ... ok
framework / pipeline ... ok
framework / translation ... ok
framework / contracts ... ok
framework / validation ... ok
Shane Thompson / maintenance-mode ... ok
global-ops / clock ... ok
framework / security ... ok
framework / cache ... ok
framework / event ... ok
Ben Varcoe / AeontechPasswords ... ok
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK

Access to /var/opt/gitlab/.ssh/authorized_keys: OK
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Reply by email is disabled in config/gitlab.yml
Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ... 
Shane Thompson / server-stats ... yes
Shane Thompson / switch-manager ... yes
Shane Thompson / perth-config-files ... yes
Shane Thompson / melbourne-config-files ... yes
framework / core ... yes
framework / http ... yes
framework / routing ... yes
framework / support ... yes
framework / middleware ... yes
framework / foundation ... yes
Shane Thompson / custom-startup-scripts ... yes
framework / view ... yes
framework / container ... yes
Shane Thompson / web-uploader ... yes
framework / pipeline ... yes
framework / translation ... yes
framework / contracts ... yes
framework / validation ... yes
Shane Thompson / maintenance-mode ... yes
global-ops / clock ... yes
framework / security ... yes
framework / cache ... yes
framework / event ... yes
Ben Varcoe / AeontechPasswords ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.3 ? ... yes (2.3.5)
Git version >= 2.7.3 ? ... yes (2.13.6)
Git user has default SSH configuration? ... yes
Active users: ... 3

Checking GitLab ... Finished

Shameless bump…

Anyone have any ideas as to what could be causing this? Any steps I can take to narrow down what it could be?


I have figured it out.
It was a bad cookie… -_-

Thanks for your help Mark


I have reported the same issue here: https://gitlab.com/gitlab-org/gitlab-ce/issues/40898

You noted “it was a bad cookie” – this is client side only problem? – I’m having the same issue but from multiple web browsers, tested even from multiple systems … it couldn’t be a bad cookie.

Thx! Great help! I have the same situation

Yes, clear cookies for your gitlab site!

1 Like

thank you for your help.