Loading


Advertisement:

Author Topic: Invalid CSRF token ???  (Read 39850 times)

frosticek

  • Hero Member
  • *****
  • Posts: 3950
Re: Invalid CSRF token ???
« Reply #105 on: October 22, 2014, 11:03:58 pm »
@andrenalin
I recommend to do this just for search forms (not login, item post, ...) because of similar problems...

andrenalin

  • Newbie
  • *
  • Posts: 48
Re: Invalid CSRF token ???
« Reply #106 on: October 24, 2014, 01:52:54 am »
ok... now put all csrf classes to standard.
same problem, can´t login or register.

i get this error just on frontend
i can login in backend without problems...

this is my token

Code: [Select]
<input type="hidden" name="CSRFName" value="CSRF1901093716_411717070">
<input type="hidden" name="CSRFToken" value="633d7f72ebf4298bcb8a525ad80f58ea9a3eb29439e3fe79ebdf90330464ddc64a8dd653912e540d411fe0a875f7e8d3199184bfc493969b1190fafbac964659">

how can i exactly turn this check off?
only add the class="nocsrf" is not working

thx

frosticek

  • Hero Member
  • *****
  • Posts: 3950
Re: Invalid CSRF token ???
« Reply #107 on: October 24, 2014, 10:16:52 am »
@andrenalin
I had similar problem, it looks like csrf tokens kept mashed .... try to clear you cookies, cache etc and then again.
Not sure how to completely disable, but for me this is not good protection way. I.e. such protection should never be on search form.

andrenalin

  • Newbie
  • *
  • Posts: 48
Re: Invalid CSRF token ???
« Reply #108 on: October 24, 2014, 12:02:48 pm »
now i disabled it in search forms,
csrf was three times on main page, search, search mobile and login form,
but it is only on post and i think it is not possible how often it is on one page.

where does the hsecutity.php get the values to check from?

my safari didn´t show me some session vars, i have only some cookie vars
attached a screenshot of my cookie vars.
is it possible to have session vars? i never watch at this.

i also add the session save path and it seems to work, it save a session in the folder,


i clear my cache and also deactivate it, clear the cookies but nothing happend  >:(
just in the moment the whole work was for the trash  :-[

****
while i was writing this text i play around a little,
just as i deactivatet the google connect plugin i could login to the front end  :o

****

now i activate it back and it seems to work,
i play a little with session save path in config.php and try to find out more about sessions...
i changed the path but nothing works, i put it back to
Code: [Select]
session_save_path ( ABS_PATH . 'oc-content/uploads/' );no problems...
« Last Edit: October 24, 2014, 12:09:55 pm by andrenalin »

andrenalin

  • Newbie
  • *
  • Posts: 48
Re: Invalid CSRF token ???
« Reply #109 on: October 24, 2014, 12:43:59 pm »
no idea what exactly happened... this was just my play around...

ok, i try twice...

when i activate the google login button i get csrf token

now i deactivate it

Code: [Select]
<!--     <li><?php // gc_login_button(); ?></li>-->
there is no problem...

i send you pm to my site

frosticek

  • Hero Member
  • *****
  • Posts: 3950
Re: Invalid CSRF token ???
« Reply #110 on: October 24, 2014, 05:16:14 pm »
@andrenalin
There is no form used in whole plugin, so in this way it cannot bring any. But plugin works with session and cookies so it may keep some stored values. But as this is build in osclass function that is problematic to remove/avoid, I do not see any reason to deep inside plugin.

andrenalin

  • Newbie
  • *
  • Posts: 48
Re: Invalid CSRF token ???
« Reply #111 on: October 24, 2014, 05:21:08 pm »
when i put my site from SUBFOLDER to SUBDOMAIN for test and dev
i try another time and give feedback...

thanks for checking

frosticek

  • Hero Member
  • *****
  • Posts: 3950
Re: Invalid CSRF token ???
« Reply #112 on: October 27, 2014, 12:17:53 am »
@andrenalin
Plugin was update and now should not cause problems with CSRF tokens.
Please test and post your results here: http://forums.osclass.org/plugins-20/plugin-26119/

mrtsoftware

  • Full Member
  • ***
  • Posts: 231
Re: Invalid CSRF token ???
« Reply #113 on: November 22, 2017, 09:36:58 am »
receiving INVALID CSRF token while trying to log in site, while submit contact form, and comment...

Also auto logging out problem for admin, it is quickly logging out out after 1 second of logging.

How to solve it?

I use Bender theme

mrtsoftware

  • Full Member
  • ***
  • Posts: 231
Re: Invalid CSRF token ???
« Reply #114 on: November 22, 2017, 10:38:04 am »
I have contacted with HOST company after I am reading warning of  conejoninja under https://github.com/osclass/Osclass/issues/2190

MY HOST is corrected issue;
I asked how to correct this myself if it repreated.
Here answer ;
In your file manager -> Public_html/forum
There in the folder
Should be 2 files with the word "session" included
Or you could just search for them
I have changed the permissions on them
This issue shouldn't reoccur

------
If someone face same problem, please contact first with your host company, or try to check file manager -> Public_html/forum  as explained above.

Aficionado

  • issues
  • Hero Member
  • *
  • Posts: 5373
  • Hardliner
Re: Invalid CSRF token ???
« Reply #115 on: November 22, 2017, 04:35:28 pm »
What /forum folder are you talking about ?

And what session files are you also talking about ? Those are usually controlled by your hosting provider.

« Last Edit: November 22, 2017, 04:37:18 pm by Aficionado »

mrtsoftware

  • Full Member
  • ***
  • Posts: 231
Re: Invalid CSRF token ???
« Reply #116 on: November 30, 2017, 08:23:12 pm »
Hi
" forum" was very oudated installed PHPBB forum folder where I installed inside it.
I do not know what session, this is their answer.
I have removed this folder ( oudated script ), too. I no longer face " Invalid CSRF token " error.