Skip to main content

Symptoms

  • The app redirects back to login.
  • A backend call returns unauthorized.
  • A JSON-RPC call fails with a CSRF or session error.
  • The user appears signed in but cannot access expected records.

Checks

  1. Confirm the backend is reachable.
  2. Confirm the frontend is pointed at the intended backend.
  3. Confirm the user is using the correct environment credentials.
  4. Refresh the CSRF token by loading the login page again.
  5. Confirm the user has access to the active company or tenant.

API testing shape

For API testing, authenticate against the assigned backend and send the session cookie plus X-CSRF-Token with /rpc/json. Use placeholder values only.
Share only redacted examples in documentation, support threads, or external comments. Real cookies, CSRF tokens, and passwords stay out of public material.