CSRF messages
Daria Mamchenkova avatar
Written by Daria Mamchenkova
Updated over a week ago

Cross-Site Request Forgery (CSRF) is an attack that tricks a web browser into executing an unwanted action in an application to which you are currently logged in. This attack uses a vulnerability in a web application if it cannot differentiate between a request generated by an individual user and a request generated by a user without their consent.

This article helps you understand why you see the CSRF message and what you should do to fix it.

CSRF messages

"CSRF invalidation message" or "CSRF token is invalid" occurs when the page is open in the browser for a long time, and a request to change or save data is sent without the page update. It happens because the data Affise represents in UI is not static, it changes and makes updates only after the request to the database. When a tab is pinned in a browser, it can no longer be treated as the latest version of an offer or statistics data.

This message might occur during affiliate authorization:

You might also see it while saving an offer:


How to fix it

Step 1. Reload the page and don't keep it open for too long (no more than 24 minutes). If it doesn't help, go to step 2.

Step 2. Share the browser cookies with Affise. The process is slightly different depending on the browser you use.


  1. Open the browser, and from the Safari drop-down menu, select Preferences.

    πŸ”Ž You can also use the Cmd + comma (⌘ + ,) shortcut to open advanced settings.

  2. Select the Privacy tab and make sure that the Block all cookies checkbox is not selected in the Cookies and website data.

  3. Click the Manage Website Data button to see all locally stored website data.

  4. In the Search field, enter your Affise domain (e.g., offers-rocketcompany.affise.com), and remove all related entries.

  5. Reload the browser and log in again.


  1. In the browser, click Settings and select the Privacy and security tab.

  2. In the Privacy and security section, click Cookies and other site data.

  3. On the opposite of the Sites that can always use cookies, click Add.

  4. In the Site field, enter [*.]offers-rocketcompany.affise.com, and then click Add.

  5. In the Cookies and other site data section, search for your Affise domain and remove all related entries.

  6. Reload the browser and log in again.


  1. In the browser, click Settings sign and then click the Manage more settings button.

  2. Go to Privacy & Security > History, and in the Firefox will drop-down list, select the Use custom settings for history option.

  3. In the Cookies and Site Data section, click the Manage Exceptions button.

  4. In the Address of web site field, enter your Affise domain (e.g., offers-rocketcompany.affise.com), and remove all related entries.

  5. Reload the browser and log in again.

πŸ“ƒ Related topics

Please contact the Affise Customer Support team regarding all raised questions via the e-mail: [email protected].

Did this answer your question?