Thursday 15 March 2012

asp.net mvc - MVC anti-forgery token -




I've got a public MVC 5 website, using the anti-forgery token. Every day a big number of errors are logged in the form of "The anti-forgery cookie token and form field token do not match.", and a lesser number in the form of "The required anti-forgery cookie "__RequestVerificationToken" is not present.".

The problem is not reproducible; it occurs for different people on different pages at different times. Closing the browser resolves the problem - using the button and re-trying resolves the problem.

As the website works for the vast bulk of users, I can rule out missing ValidateAntiForgeryToken attributes in controllers; likewise, I can rule out missing or duplicate @Html.AntiForgeryToken() code in views.

The website runs on a single server, so I can rule out different machineKeys in web.config (I've tried running the website with and without setting it anyway).

The application pool is set to restart each night, and there's plenty of spare resource on the server, so I can rule out the application pool restarting and invalidating sessions (especially as this isn't logged in the event log or anywhere else).

I've tried to nail down the problem - users have cookies enabled, so I can rule out cookies being disabled. I can rule out JavaScript being disabled, as users can progress far into the site without JS - and the errors occur on pages beyond that point.

I've disabled caching, setting nocache, nostore etc. This seemed to cut down the occurrence of the issue, but it still persisted (I had to re-enable caching for a variety of other reasons).

What other options are there to consider?

I'm frustrated and considering turning off anti-forgery protection, and contributing to the global weakening of security.

Make sure you have the anti-forgery attributes both in the controller and the forms.

If you are doing an AJAX POST, maybe you can send the requestvalidationtoken parameter.

$('input[name="__RequestVerificationToken"]').val()

Also, maybe someone is attacking the site or using bots for content or to post forms.
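
The AJAX suggestion in the answer above, as an added example that is not part of the original post: it reads the hidden field that @Html.AntiForgeryToken() renders and sends it as a form field on a form-encoded POST. The function names are hypothetical, and it assumes the target action carries [ValidateAntiForgeryToken] and the page is same-origin with it.

```javascript
// Added example (not from the original post). Assumes the view rendered
// @Html.AntiForgeryToken() and the action carries [ValidateAntiForgeryToken].
const TOKEN_FIELD = '__RequestVerificationToken';

// Read the hidden field the view emitted. Fail loudly instead of posting
// without it, since the server would reject that request anyway.
function readAntiForgeryToken(doc) {
  const field = doc.querySelector('input[name="' + TOKEN_FIELD + '"]');
  if (!field || !field.value) {
    throw new Error('Anti-forgery field ' + TOKEN_FIELD + ' not found on this page');
  }
  return field.value;
}

// Build fetch() options for a form-encoded POST that carries the token as an
// ordinary form field, which is where MVC's validation looks for it.
function buildAntiForgeryPost(doc, data) {
  const body = new URLSearchParams();
  for (const [key, value] of Object.entries(data)) {
    if (key === TOKEN_FIELD) continue; // caller data must not override the token
    body.append(key, String(value));
  }
  body.append(TOKEN_FIELD, readAntiForgeryToken(doc));
  return {
    method: 'POST',
    credentials: 'same-origin', // so the anti-forgery cookie travels with the form token
    headers: { 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8' },
    body: body.toString(),
  };
}

// Hypothetical wrapper: fetchImpl is injectable so the request can be stubbed.
function postWithToken(doc, url, data, fetchImpl = globalThis.fetch) {
  return fetchImpl(url, buildAntiForgeryPost(doc, data));
}
```

In a browser, pass `document` as `doc`; the token is read at send time, so it is the one issued with the page currently displayed.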

asp.net-mvc cookies antiforgerytoken
