"The required anti-forgery cookie "__RequestVerificationToken_L3Rmcw2" is not present

In TFS 2012 web access the following error occurs while you browse work items, areas, and iterations.

"The required anti-forgery cookie "__RequestVerificationToken_L3Rmcw2" is not present. Ensure that cookies are enabled in your browser."

The browser is not able to send the request verification token through cookie .


The problem is that the cookies are sent as secure which is set by the TFS Application server. This not the expected behavior in TFS. The TFS Server will not support the cookies to be sent through secure and hence we received this error message. This prevents the anti-forgery cookie from being sent to the normal HTTP URLs of Web Access.

We can verify this configuration in “C:\Program Files\Microsoft Team Foundation Server x.0\Application Tier\Web Services\web.config” within the <system.web> section as <httpCookies requireSSL="False" />. 

If you don’t find this httpcookie section in the web.config file then you can add this section manually and set it as false. This will force the cookies to be sent in http only.

Note: Please make a backup of the web.config file before you make any changes to it.

Content Created by Sriram M
Content Reviewed by Romit Gulati

Comments (0)

Skip to main content