All Collections
FAQs and Troubleshooting
“CSRF token” error message
“CSRF token” error message

Follow these steps if you see a CSRF error message when logging into your Ubidots account.

David Sepúlveda avatar
Written by David Sepúlveda
Updated over a week ago

The “Invalid or missing CSRF token” message means that your browser couldn’t create a secure cookie, or couldn’t access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.

To address this issue, follow these steps.


  1. Open Chrome Settings.

  2. Scroll to the bottom and click on Advanced.

  3. In the Privacy and security section, click the Content Settings button.

  4. Click on Cookies.

  5. Next to Allow, click Add. Type [*.] and click “Add”.

  6. Under All cookies and site data, search for ubidots, and delete all ubidots-related entries.

  7. Reload Chrome and log into your Ubidots account


  1. Go to Firefox's Preferences -> Privacy & Security menu.

  2. In the History section, select "Use custom settings for history" from the drop-down menu.

  3. Click on Exceptions and whitelist

  4. Scroll down to Offline Web Content and User Data.

  5. Delete Ubidots' offline data from the list at the bottom of that page.

  6. Reload Firefox and log into your Ubidots account


If this alone won't help, please enable third-party cookies in the menu mentioned in point 2.


  1. Open Safari Preferences from the drop-down menu in the navigation bar or by typing Cmd + , (⌘,).

  2. Click the Privacy tab and make sure that "Cookies and website data" is set to either "Always allow" or "Allow from websites I visit".

  3. Click on the Manage Website Data button to see all locally stored website data.

  4. Search for “Ubidots” and remove all Ubidots-related entries.

  5. Reload Safari and log into Ubidots account

If you continue to see the same problem after doing this, please contact support through the email provided by your account executive, or through the in-app channel.

Did this answer your question?