The anti-forgery cookie token and form field token do not match in MVC 4

Solution 1:

I resolved the issue by explicitly adding a machine key in web.config.

Note: For security reasons, don't use this key. Generate one from https://support.microsoft.com/en-us/kb/2915218#AppendixA. Don't use an online one; for details, see http://blogs.msdn.com/b/webdev/archive/2014/05/07/asp-net-4-5-2-and-enableviewstatemac.aspx

 <machineKey validationKey="971E32D270A381E2B5954ECB4762CE401D0DF1608CAC303D527FA3DB5D70FA77667B8CF3153CE1F17C3FAF7839733A77E44000B3D8229E6E58D0C954AC2E796B" decryptionKey="1D5375942DA2B2C949798F272D3026421DDBD231757CA12C794E68E9F8CECA71" validation="SHA1" decryption="AES" />

Here's a site that generates unique Machine Keys:

http://www.developerfusion.com/tools/generatemachinekey/
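
The note above says to generate the key yourself rather than copy one. As an added example (not part of the original answer), this Python script builds a `<machineKey>` element from the local OS CSPRNG and audits a web.config for copied or auto-generated keys. The function names, the sample config and its placeholder keys are constructed for illustration, and flagging `SHA1` is this example's own policy choice.

```python
import re
import secrets
import xml.etree.ElementTree as ET

HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def new_machine_key(validation="HMACSHA256", decryption="AES"):
    """Return a <machineKey> element built from local CSPRNG output.
    64-byte validation key and 32-byte AES key: same lengths as the sample above."""
    return ET.tostring(ET.Element("machineKey", {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": validation,
        "decryption": decryption,
    }), encoding="unicode")

def audit_machine_key(config_xml, published_keys=frozenset()):
    """Return findings for the <machineKey> of a web.config given as a string.
    published_keys: upper-case hex keys known to be public (forum posts, samples)."""
    mk = ET.fromstring(config_xml).find(".//machineKey")
    if mk is None:
        return ["no machineKey element: keys are auto-generated per server"]
    findings = []
    for attr in ("validationKey", "decryptionKey"):
        value = mk.get(attr, "AutoGenerate")
        if value.startswith("AutoGenerate"):
            findings.append(f"{attr}: auto-generated, differs between farm nodes")
        elif not HEX.fullmatch(value):
            findings.append(f"{attr}: not a hex string of whole bytes")
        elif value.upper() in published_keys:
            findings.append(f"{attr}: matches a publicly posted key, replace it")
    if mk.get("validation", "").upper() == "SHA1":
        findings.append("validation: SHA1 configured, HMACSHA256 is available")
    return findings

# Constructed sample: placeholder keys standing in for values copied from a post.
COPIED_VALIDATION = "AB" * 64
COPIED_DECRYPTION = "CD" * 32
SAMPLE_CONFIG = f"""<configuration><system.web>
  <machineKey validationKey="{COPIED_VALIDATION}" decryptionKey="{COPIED_DECRYPTION}"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""

if __name__ == "__main__":
    for finding in audit_machine_key(SAMPLE_CONFIG, {COPIED_VALIDATION, COPIED_DECRYPTION}):
        print("FINDING:", finding)
    print(new_machine_key())
```

Every server in a farm must carry the same generated element, otherwise tokens issued by one node fail validation on another.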

Solution 2:

Another reason for having this error is if you are jumping between [Authorize] areas that are not cached by the browser (this would be done on purpose in order to block users from seeing protected content when they sign out and use the back button, for example).

If that's the case, you can make your actions non-cached, so if someone clicks the back button and ends up on a form with @Html.AntiForgeryToken(), the token will not be cached from before.

See this post for how to add [NoCache] ActionFilterAttribute: How to handle form submission ASP.NET MVC Back button?

Solution 3:

Make sure you put the @Html.AntiForgeryToken() in your page's form.

Solution 4:

I had this problem for a long time and assumed it was something wrong with ASP.NET.

In reality, it was the server. I was with WinHost then, and they have a 200MB memory limit. As soon as I had ~20 users on at the same time, my limit was reached. At this point, everyone was logged out and yielded these issues.

Solution 5:

For me, this was caused by submitting a form using a button tag. Changing this to an input submit tag resolves the issue.