TOPIC: Error: Bad Request, CSRF Token

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107096

  • zobbyzobba
Hi everyone,

When we try to do a survey, after clicking the first "Next" button on the Welcome screen, we get the error:

Bad Request

The CSRF token could not be verified.

The request could not be understood by the server due to malformed syntax. blah blah...


I have the latest stable version, 2.05+ build 140320. This only appears when we're not logged in to the admin console.
Using an invitation or not gives the same result.

There are no PHP errors in the Apache logs.

I've already read this wiki page: manual.limesurvey.org/Troubleshooting#Af...d_not_be_verified.27
But it doesn't solve the problem...

It might be a server config thing, but I don't know what..

Do you have any ideas to help me?

Best Regards

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107101

  • DenisChenu
Hi,

Did you try with the default template?

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107107

  • zobbyzobba
Hello,

Yes, I'm trying from a fresh install, with a basic survey with the default template.
Sorry, I forgot to specify that.

I'm really lost with this problem. :(

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107111

  • DenisChenu
Can you give us a link to test ?

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107112

  • zobbyzobba
Yep, you can try this one:
cdsp.sciences-po.fr/limesurvey2/index.ph...s6ckrivweq3a/lang/en

(Link is from the mail invitation)

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107113

  • DenisChenu
Hi,

Strange: the phpadmin session cookie is set for .sciences-po.fr and /
Not for cdsp.sciences-po.fr

I think the problem is here

I never tested 'global domain cookie'

Maybe you can try:
www.yiiframework.com/wiki/135/single-sig...multiple-subdomains/
'session' => array(
        'savePath' => '/some/writeable/path',
        'cookieMode' => 'allow',
        'cookieParams' => array(
            'path' => '/',
            'domain' => '.sciences-po.fr',
            'httpOnly' => true,
        ),
    ),

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107133

  • zobbyzobba
Hello,

You've pointed out the right problem!

I've put your code in config.php. It seems to be applied in phpinfo, but it doesn't solve the problem.
I have a question: should the cookie path be /limesurvey in my case?

I put this in config.php:
'session' => array(
        'savePath' => '/my/path/to/limesurvey2/tmp/sessions/',
        'cookieMode' => 'allow',
        'cookieParams' => array(
            'path' => '/limesurvey2',
            'domain' => 'cdsp.sciences-po.fr',
            'httpOnly' => true,
        ),
    ),

I've also tried with "/" in the path variable.

This doesn't work :angry:

BUT, I've modified my php.ini with:
session.cookie_path = /limesurvey2
session.cookie_domain = cdsp.sciences-po.fr

And this solved my problem! Now surveys are all accessible, no CSRF errors.

But the setting is global, and LimeSurvey is not my only PHP application... the PHP site at / now has PHP session troubles..

I need to find a way to make this work on the local limesurvey site.

I don't know why it doesn't work with the config in config.php, even though the settings are visible in limesurvey's phpinfo

Thanks for this progress :)

Hope to solve this soon...
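
Added example (not part of any post in this thread, and not LimeSurvey code): a small check of which cookies a browser attaches to a request under the RFC 6265 domain and path matching rules, using the Domain and Path values quoted above. The cookie name PHPSESSID (PHP's default session name), the cookie values and the jar contents are assumptions constructed for illustration; with them, a request under /limesurvey2 carries two session cookies of the same name, while a request to the site at / carries only one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cookie:
    name: str
    value: str    # constructed placeholder values below
    domain: str   # Domain attribute; "" means host-only
    path: str     # Path attribute
    set_by: str   # host that issued the cookie (only used for host-only cookies)

def domain_match(host: str, c: Cookie) -> bool:
    """RFC 6265 section 5.1.3; a leading dot in Domain is ignored."""
    host, dom = host.lower(), c.domain.lower().lstrip(".")
    if not dom:
        return host == c.set_by.lower()
    return host == dom or host.endswith("." + dom)

def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4: equal, or a prefix ending at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def cookies_sent(jar, host, path):
    """Cookies attached to a request, longer Path first (RFC 6265 section 5.4)."""
    hits = [c for c in jar if domain_match(host, c) and path_match(path, c.path)]
    return sorted(hits, key=lambda c: len(c.path), reverse=True)

def cookie_header(cookies) -> str:
    """Value of the Cookie request header for the given cookies."""
    return "; ".join(f"{c.name}={c.value}" for c in cookies)

# Constructed jar: one cookie scoped to the parent domain and "/", one scoped
# to the survey host and /limesurvey2 (the php.ini values from the post above).
SAMPLE_JAR = [
    Cookie("PHPSESSID", "root-site-session", ".sciences-po.fr", "/",
           "cdsp.sciences-po.fr"),
    Cookie("PHPSESSID", "limesurvey-session", "cdsp.sciences-po.fr",
           "/limesurvey2", "cdsp.sciences-po.fr"),
]

if __name__ == "__main__":
    for path in ("/limesurvey2/index.php", "/index.php"):
        sent = cookies_sent(SAMPLE_JAR, "cdsp.sciences-po.fr", path)
        print(path, "->", cookie_header(sent))
```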

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107139

  • DenisChenu
No:
'domain' => 'cdsp.sciences-po.fr',

but
'domain' => '.sciences-po.fr',

I think the domain is set somewhere in your Apache config. You can't update it in the LimeSurvey config. But MAYBE you can set the LimeSurvey config to use the right domain.

Denis
PS: try using:
'session' => array(
        'cookieMode' => 'allow',
        'cookieParams' => array(
            'path' => '/',
            'domain' => '.sciences-po.fr',
            'httpOnly' => true,
        ),
    ),

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107140

  • DenisChenu
Another alternative: use DB sessions (uncomment the part in the config.php file).

Error: Bad Request, CSRF Token 3 months 3 weeks ago #107146

  • zobbyzobba
Hi,


I've tried with exactly your code; it doesn't work any better :(

I also tried with DB sessions; the table lime_sessions is populated, but still the same problem.

The only thing that I've changed and which "solved" my problem is the cookie path; do you think we should look in that direction?
I'm reading docs about this parameter, but all I read is the contrary of what happens on my server :(