If you see this error message when logging into your Todoist account, don’t panic– there are simple solutions depending on which browser you use.
The “Invalid or missing CSRF token” message means that your browser couldn’t create a secure cookie, or couldn’t access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.
To address this issue, follow these steps.
- Open Chrome Settings.
- Scroll to the bottom and click on Advanced.
- In the Privacy and security section, click the Content Settings button.
- Click on Cookies.
- Next to Allow, click Add.
- Type [*.]todoist.com and click Add.
- Then type [*.]cloudfront.net and click Add.
- Under All cookies and site data, search for todoist, and delete all Todoist-related entries.
- Reload Chrome and log into Todoist.
- Open the Firefox Options menu.
- On the left, select Privacy & Security.
- Under Cookies and Site Data click the Exceptions button.
- Type https://todoist.com and click Allow.
- Then type https://cloudfront.net and click Allow.
- Click Save Changes.
- Next, click on the Manage Data… button.
- Search for "todoist" and select Remove All Shown.
- Click Save Changes and confirm in the pop-up window by clicking Remove.
- Reload Firefox and log into Todoist.
If this alone won't help, please go to Cookies and Site Data, and set “Accept third-party cookies and site data” to either "From Visited" or "Always".
- Open Safari Preferences from the drop-down menu in the navigation bar or by typing Cmd + , (⌘,).
- Click the Privacy tab and make sure that "Cookies and website data" is set to either "Always allow" or "Allow from websites I visit".
- Click on the Manage Website Data button to see all locally stored website data.
- Search for “Todoist” and remove all Todoist-related entries.
- Reload Safari and log into Todoist.