Last Modified Date: 20 Jul 2023
Environment
Tableau ServerResolution
No action necessary, this behavior is by design.Cause
For protection, the session_id cookie has HttpOnly in place. Authentication cannot be completed with the XSRF-TOKEN alone and is successful only when XSRF-TOKEN is paired with the protected session_id cookie.Additional Information
See Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet at the Open Web Application Security Project for more information about Double Submit Cookies.Thank you for providing your feedback on the effectiveness of the article.
Open new Case
Continue Searching
Knowledge Base
Community
Product Help
Training and Tutorials