Introduction

This article explains how to identify and resolve a stale cookie error that prevents login to the Enterprise Business Center (EBC). A HTTP Archive (HAR) file can be used to confirm that the reason you cannot log into the EBC is because your browser has a stale cookie.

The HAR file will identify a stale cookie error with a reference to logincsrftoken. The logincsrftoken is a Cross-Site Request Forgery (CSRF) token that is present in a cookie. When there is a mismatched or stale CSRF token, the server returns a 403 or 400 error and logs the error mentioning that token. This is often caused by a browser re-assigning the token from the last time the URL was opened instead of assigning a new CSRF token. To resolve this, it is important to clear cookies or use a completely new browser session, and to ensure the URL is not carried over from a previously used session.

Resolution Steps

Complete the steps to resolve the logincsrftoken error:

1. Verify you are using the correct URL to log in to the EBC:
   • Live: ebc2.cybersource.com
   • Test: ebc2test.cybersource.com
2. Clear the cache and cookies from your web browser.
3. Use a different web browser to log in (Google Chrome, Microsoft Edge, Firefox, and so on).
4. Confirm that the web browser you are using is updated to the most current version.

HAR File Error Example

Example of the error as it appears in a HAR file using the Chrome browser:

"cookies": [],
          "content": {
              "size": 204,
              "mimeType": "application/json",
              "text": "{\"response\":{\"rmsg\":\"{\\\"submitTimeUtc\\\":\\\"2025-08-27T21:02:24.529Z\\\",\\\"status\\\":\\\"INVALID_REQUEST\\\",\\\"reason\\\":\\\"INVALID_DATA\\\",\\\"details\\\":[{\\\"field\\\":\\\"logincsrftoken\\\",\\\"reason\\\":\\\"INVALID_DATA\\\"}]}\"}}"
  

Potential Client Questions

• Why am I unable to log into the EBC?
  • Your browser may be holding a stale CSRF token from a previous session. This causes a mismatch when the server validates the token, resulting in a 403 or 400 error. Clearing your browser cookies and cache, or using a new browser session, typically resolves the issue.
• What is a logincsrftoken and why does it cause a login failure?
  • The logincsrftoken is a CSRF token stored in a browser cookie. It is used to verify that login requests are legitimate. When your browser reuses an old token instead of generating a new one, the server rejects the request as invalid.
• How can I confirm that a stale cookie is the cause of my login issue?
  • A HAR file captured during the failed login attempt will show an INVALID_DATA error referencing the logincsrftoken field in the response content. This confirms the stale cookie is the root cause.
• Which URLs should I use to access the EBC?
  • Use ebc2.cybersource.com for the Live environment and ebc2test.cybersource.com for the Test environment. Using a saved or previously copied URL from an old session may contribute to the stale token issue.
• Will clearing my cookies fix the problem permanently?
  • Clearing cookies resolves the immediate issue. To prevent recurrence, always open a new browser session when accessing the EBC and avoid using URLs saved from previous sessions.

Additional Resources

• EBC - Troubleshooting and Escalating Interface Issues
• Escalation Procedures - Generating a HAR File