![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 41%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWW%3C/text%3E%3C/svg%3E)
2,648 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @Wen Wang -X (wenwa2 - DLSP at Cisco),
Do we need to clear cache in order to make HTTP POST request containing CSRF token sent out after app upgrade?
As far as I know, CSRF tokens are usually stored in session or in cookies, generated and submitted by the server-side application in a subsequent HTTP request made by the client.
When you upgrade your application, the server-side code might be updated, including how this token is generated and verified. But the browser can't directly respond to this update, if possible you need to refresh the page or clear the cache to hot reload. In this case the browser may continue to send the stored CSRF token with the request, clearing the cache should make it work.
To sum up, the browser has nothing to do with the token itself, but may be sending bad requests because of the cache. So in my point of view, to avoid such issues, I recommend clearing the browser cache after upgrading the application.
Best regards,
Xudong Peng
If the answer is the right solution, please click "Accept Answer" and kindly upvote. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.