Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vcClQ-00318m-0u for pgadmin-support@arkaria.postgresql.org; Sun, 04 Jan 2026 01:18:37 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vcClN-00EJ8K-1K for pgadmin-support@arkaria.postgresql.org; Sun, 04 Jan 2026 01:18:34 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vcClN-00EJ8C-0a for pgadmin-support@lists.postgresql.org; Sun, 04 Jan 2026 01:18:33 +0000 Received: from uucp.dinoex.org ([2a0b:f840::12]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vcClL-004L8e-1F for pgadmin-support@lists.postgresql.org; Sun, 04 Jan 2026 01:18:33 +0000 Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840:0:0:0:0:0:12]) by uucp.dinoex.org (8.18.2/8.18.2) with ESMTPS id 6041I7wT000033 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Sun, 4 Jan 2026 02:18:07 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) ARC-Seal: i=1; a=rsa-sha256; d=uucp.dinoex.org; s=M20221114; t=1767489490; cv=none; b=OsMNJ1b/EbOUcCmV7nub0/EAUKWTbvYvvck8fF/Dpf1ei8mLhB+muvx+BoV6xvPx5Sq0xpiYQAjViVhCkAwZYyC6J2q+Bb3mhL1Q+ZPWl+5I8gftjDqcQntwfmhXRweIejc5ymOqVR6esghCKK1ENJU0+1BQEY7US2jsHBoh4Kg= ARC-Message-Signature: i=1; a=rsa-sha256; d=uucp.dinoex.org; s=M20221114; t=1767489490; c=relaxed/simple; bh=vUGq9F0rBKNDjnV155VT/op2oNzH3lULshHTFQfXx8M=; h=Received:Received:Received:Received:X-Authentication-Warning:Date: From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition:X-Milter:X-Greylist; b=TR8GZa6w3nZqIHmHNVUIEd8qCAdTVrPMmmG3XXcRXCMH2kQVAVJipNDTwhFjD6Qih94B6P9B+1pQnONPtQpsblByaHeoDqdF4WcrfrRAFwz67NQYPNFp5DGxrEfXHdxW3dzfpRaXht0gWiQQNAD5D7+mpibhotwrkR0u1KmhRGA= ARC-Authentication-Results: i=1; uucp.dinoex.org X-MDaemon-Deliver-To: Received: (from uucp@localhost) by uucp.dinoex.org (8.18.2/8.18.2/Submit) with UUCP id 6041I7s7000032 for pgadmin-support@lists.postgresql.org; Sun, 4 Jan 2026 02:18:07 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: from disp.intra.daemon.contact (disp-e.intra.daemon.contact [IPv6:fd00:0:0:0:0:0:0:112]) by admn.intra.daemon.contact (8.18.1/8.18.1) with ESMTPS id 6041Fs08012168 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK) for ; Sun, 4 Jan 2026 02:15:54 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: from disp.intra.daemon.contact (localhost [127.0.0.1]) by disp.intra.daemon.contact (8.18.1/8.18.1) with ESMTPS id 6041E1wa048540 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Sun, 4 Jan 2026 02:14:01 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: (from pmc@localhost) by disp.intra.daemon.contact (8.18.1/8.18.1/Submit) id 6041E1p3048539 for pgadmin-support@lists.postgresql.org; Sun, 4 Jan 2026 02:14:01 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) X-Authentication-Warning: disp.intra.daemon.contact: pmc set sender to pmc@citylink.dinoex.sub.org using -f Date: Sun, 4 Jan 2026 02:14:01 +0100 From: "Peter 'PMc' Much" To: pgadmin-support@lists.postgresql.org Subject: 9.11 problem: CSRF tokens do not match Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Milter: Spamilter (Reciever: uucp.dinoex.org; Sender-ip: 0:0:2a0b:f840::; Sender-helo: uucp.dinoex.org;) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (uucp.dinoex.org [IPv6:2a0b:f840:0:0:0:0:0:12]); Sun, 04 Jan 2026 02:18:10 +0100 (CET) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi @all, recently I upgraded to 9.11 (from some 8.9 I think), and now at every occasion (5 or 10 times a day) I get the error "CSRF tokens do not match". At that point nothing seems to help except freshly opening the browser session - and twice a day even that doesn't work, and the server reports a bunch of code alongside errors like: AttributeError: 'AnonymousUser' object has no attribute 'username' TypeError: 'NoneType' object is not subscriptable KeyError: 'auth_source_manager' and doesn't respond and apparently wants a restart. There was no such or similar issue earlier. The piece runs in server mode under uwsgi behind an Apache reverse proxy on FreeBSD-14, login is thru Kerberos. A quick glance through the config file didn't show me anything suspicious - the issue might as well be caused by some prereq package (which have also been upgraded), but I am not a python guru, so I thought it better to discuss it here, for now. I installed from the wheel into a fresh virtualenv (after patching "psycopg[binary]" to "psycopg[c]", because "psycopg[binary]" simply doesn't exist for unix servers) and left all the dependencies to pip to resolve. -- PMc