Error Description

You get the error message "The provided X-CSRF token for path "/stageware1/..." is invalid" on the frontend of the test environment.

Actions where this error most often occurs:


The X-CSRF token check is a security function. This prevents bots (=automated programs) from performing unwanted actions in your store. This blocks attempted purchases, registrations, etc. by bots.

When you open your shop as a normal visitor, an X-CSRF token is automatically generated for you, which is valid for a certain amount of time. To explain why your token is invalid in the test environment, we need to elaborate a bit.

The token is stored as a cookie in your browser and in your session on the server. For critical actions (purchases, registrations, etc.) the token from the cookie is compared with the token on the server and the action is allowed if it matches or blocked if it does not.

Technically, the live system and the test environment are accessible via the same domain. Since your browser also stores cookies per domain, you might not receive a new token or a second cookie with a new token when using the test environment.

The result can be that the wrong tokens are compared and the error message appears.


The error message does not indicate a real error. You can solve the problem with one of the following approaches or avoid it in the first place: