We are encountering an issue with form submission in the production environment. The criteria seem to be exceptionally rare; I have been unable to replicate the issue.
CSRF token is created and validated just fine.
The issue seems to occur only when users wait more than 2 hours on a form before submitting, but we have been unable to reproduce it by doing this either.
Logs:
W, [2022-07-14T15:19:37.535241 #2433] WARN -- : Can't verify CSRF token authenticity.
I, [2022-07-14T15:19:37.535556 #2433] INFO -- : Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 291)
F, [2022-07-14T15:19:37.536425 #2433] FATAL -- :
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
Rails version 6.1.6, Ruby version 2.7.4
The issue was caused by rails-ujs failing to insert CSRF token alongside remote form submissions in some cases.
I was not able to identify the root cause but an upgrade to Rails 7 and Turbo fixed the issue.
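One way to see which requests produce the warning shown in the logs above, as an added example that is not part of the original post: it ties each `Can't verify CSRF token authenticity.` line to the request the same worker PID was handling and counts failures by format (remote rails-ujs submissions are typically logged `as JS`). It assumes the Logger line format seen above, the standard `Started` / `Processing by` lines, and one request at a time per PID; the sample log, paths and controller names are constructed.

```ruby
# Constructed sample: one failing remote submission, one normal HTML submission.
SAMPLE_LOG = <<~'LOG'
  I, [2022-07-14T15:19:37.534000 #2433]  INFO -- : Started POST "/orders" for 203.0.113.7 at 2022-07-14 15:19:37 +0000
  I, [2022-07-14T15:19:37.534500 #2434]  INFO -- : Started POST "/profile" for 203.0.113.9 at 2022-07-14 15:19:37 +0000
  I, [2022-07-14T15:19:37.534900 #2433]  INFO -- : Processing by OrdersController#create as JS
  I, [2022-07-14T15:19:37.535000 #2434]  INFO -- : Processing by ProfilesController#update as HTML
  W, [2022-07-14T15:19:37.535241 #2433]  WARN -- : Can't verify CSRF token authenticity.
  I, [2022-07-14T15:19:37.535556 #2433]  INFO -- : Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 291)
  F, [2022-07-14T15:19:37.536425 #2433] FATAL -- :
  ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  I, [2022-07-14T15:19:37.551000 #2434]  INFO -- : Completed 302 Found in 16ms (ActiveRecord: 3.1ms | Allocations: 4120)
LOG

LINE       = /\A[A-Z], \[(?<ts>\S+) #(?<pid>\d+)\]\s+[A-Z]+ -- : ?(?<msg>.*)\z/
STARTED    = /\AStarted (?<verb>[A-Z]+) "(?<path>[^"]*)"/
PROCESSING = /\AProcessing by (?<action>\S+) as (?<format>\S+)/
CSRF_WARN  = "Can't verify CSRF token authenticity."

# Returns one hash per request that hit the CSRF warning.
def csrf_failures(log_text)
  current  = {} # pid => request that worker is handling (assumes no interleaving per PID)
  failures = []
  log_text.each_line(chomp: true) do |line|
    m = LINE.match(line) or next # skips backtrace/continuation lines
    pid = m[:pid]
    msg = m[:msg]
    if (s = STARTED.match(msg))
      current[pid] = { pid: pid, started_at: m[:ts], verb: s[:verb], path: s[:path] }
    elsif (pr = PROCESSING.match(msg)) && current[pid]
      current[pid].merge!(action: pr[:action], format: pr[:format])
    elsif msg.start_with?(CSRF_WARN) && current[pid]
      failures << current[pid].merge(failed_at: m[:ts])
    elsif msg.start_with?("Completed ")
      current.delete(pid) # request finished; forget it
    end
  end
  failures
end

# Counts failures per request format, e.g. {"JS" => 12, "HTML" => 0}.
def failures_by_format(failures)
  failures.group_by { |f| f[:format] }.transform_values(&:count)
end
```

If `config.log_tags` includes `:request_id`, keying on that tag instead of the PID removes the no-interleaving assumption.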