The required anti-forgery cookie "__RequestVerificationToken" is not present.

  • Updated

This article discusses an issue when a form is submitted and a HTTP 500 error is thrown with an additional error as seen below.

The required anti-forgery cookie "__RequestVerificationToken" is not present.

If the Episerver Forms packages is upgraded to newer versions there will also be a requirement to add anti-forgery token within that file's form element:

<%= Html.GenerateAntiForgeryToken(Model) %>

When the page with the form would get reloaded it would not refresh the cookie and then throw this error.

In order to resolve this issue please review the following post here. If the [ContentOutputCache] attributes are set for pages that render forms, removing those allows the cookie to regenerate on page load and resolves the issue.