[solved] getUserToken value mismatch when executed with ajax request

Hello,

How is it possible that the token has a different value when it is called from a snippet in a resource and when it is from an ajax call in the same resource?

I have this line at the beginning of my snippet:

define( 'TOKEN' , $modx->user->getUserToken( $modx->context->get( 'web' ) ) );

When the user visits the home page the token has a value.

On this home page I have a button to send an ajax request and the same snippet is executed; however, the token has a different value.

This issue prevents me from executing my ajax requests because the token should match between the main page and the ajax calls.

Thank you for your help

The token is session based, so perhaps the Ajax request is somehow seen as a different session. Perhaps it’s running a different context or isn’t providing the cookie values (withCredentials)?

Not sure this is the problem, but the command

$modx->user->getUserToken( $modx->context->get( 'web' ) );

is wrong. If you want the user token for the ‘web’ context you have to call it like this:

$modx->user->getUserToken('web');

Thank you, it works!

It’s weird, because in the doc they use it the way I had it:
https://docs.modx.com/3.x/en/extending-modx/security

This is the example from the doc:

if ($token != $modx->user->getUserToken($modx->context->get('key'))) { ... }

The term ‘key’ in the docs is meant literally. It’s asking MODX for the ‘key’ of the current context, so MODX would return ‘web’ if that’s the current context. In other words, these are both correct and should work:

$modx->user->getUserToken( $modx->context->get( 'key' ) );
$modx->user->getUserToken( 'web' );

The difference is that the first one would work in other contexts.

Thank you Bob, yes, you are right.
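
The check discussed in this thread, as an added example that is not code from any poster or from the MODX project: one snippet that issues the token on page render and verifies it on the ajax call, taking the context key from `$modx->context->get('key')` in both cases. It assumes it runs as a MODX snippet with `$modx` in scope; the `token` POST field, the meta tag name and the JSON response shape are hypothetical.

```php
<?php
// Added example: body of a MODX snippet. $modx is supplied by the MODX runtime.
// Hypothetical names: the 'token' POST field, the meta tag name, the JSON shape.

// 'key' is the name of the field that holds the context key, so this
// returns e.g. 'web' for whichever context is handling THIS request.
$ctxKey = $modx->context->get('key');

// Session-based token of the current user for that context.
$expected = (string) $modx->user->getUserToken($ctxKey);

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // Page render: expose the token so the page's JavaScript can send it back.
    return '<meta name="user-token" content="'
        . htmlspecialchars($expected, ENT_QUOTES, 'UTF-8') . '">';
}

// Ajax call: the request must carry the session cookie, otherwise PHP
// starts a new session and the token stored in it will not match.
$submitted = (isset($_POST['token']) && is_string($_POST['token']))
    ? $_POST['token']
    : '';

header('Content-Type: application/json');

// hash_equals() compares in constant time; an empty expected token
// (no session token for this context) is always rejected.
if ($expected === '' || !hash_equals($expected, $submitted)) {
    http_response_code(403);
    // Record the context key so a context mismatch shows up in the MODX log.
    $modx->log($modx::LOG_LEVEL_WARN, 'User token mismatch in context ' . $ctxKey);
    return json_encode(['ok' => false, 'error' => 'token_mismatch']);
}

return json_encode(['ok' => true, 'context' => $ctxKey]);
```

If the resource that answers the ajax request lives in a different context than the page, pass the page's context key explicitly (for example `'web'`) on both sides instead of relying on the current context.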