CSRF token missing on Firefox Android (Mobile) due multi sessions #9623

@Mohammad-Nobel

Please note that security bugs or issues should be reported to security@pgadmin.org.

Describe the bug
I am running pgAdmin 4 (v9.12) behind Nginx. Login works perfectly on Firefox Desktop. However, on Firefox Android, the application generates multiple session IDs, leading to the error "CSRF session token is missing." The problem is that a new session is created with a new CSRF.

To Reproduce
I've attached the Nginx header logs for requests and responses from /pgadmin on both desktop and mobile to compare the reasons, and also the pgAdmin error log to check the Flask server's behavior when it receives mobile requests.

Screenshots
attached

If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: Arch Linux
  • pgAdmin 9.12 built on server python venv
  • Mode: Server
  • Browser: Firefox Android mobile
  • Package type: Python

pgadmin4-bug-report.log.txt
pgadmin_debug_nginx_firefox_desktop.log
pgadmin_debug_nginx_firefox_mobile.log
pgadmin_error_firefox_desktop.log
pgadmin_error_firefox_mobile.log
