
TOPIC: CSRF attack suspected

CSRF attack suspected 7 months 1 week ago #104927

  • cmerasys
Hello,

We've been using LimeSurvey for a while and now have an issue.
It's not possible to edit some answers of a question.

It always displays:
Security alert: Someone may be trying to use your LimeSurvey session (CSRF attack suspected). If you just clicked on a malicious link, please report this to your system administrator. Also the problem can occur when your are working/editing in LimeSurvey in several browsers/tabs at the same time.

Facts are:
1) Our LimeSurvey installation is accessed by https, so I would say it's unlikely to have a real CSRF attack
2) Two users with different accounts work simultaneously on a survey.
3) But even if they log out and I as a third person try to edit the respective question, I'll get this error
4) The answers are numbers (ages) - 54 different ones. The last one is, depending on the language, something with more text or e.g. "71+"

We're running Version 1.91+ Build 120302.
It would be great if one of you could help.

Thanks in advance!

Best regards,
Christian

CSRF attack suspected 7 months 6 days ago #105027

  • cmerasys
Problem solved.

We decided to make an update and thought this would fix the problem.
We updated to Version 2.05+ Build 140212.

The problem still occurred.
We could fix it then by

1) Deleting cookies & caches on the browsers used
2) Setting the number of max_input_vars in the php.ini to a high value. This is necessary because if you have a lot of answers in a lot of languages, this max value might be reached, because all answers of each language will be loaded into one form - even though only one language is being displayed at a time.

#2 definitely fixed the problem.
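
The following is an added example, not part of the post above and not LimeSurvey code: a PHP sketch of how a form with many answers in many languages can exceed max_input_vars so that the last fields never reach the application. The field names, the count of 10 languages, the two fields per answer and the assumption that a session token is posted as the last field are all hypothetical.

```php
<?php
// Added diagnostic sketch; not LimeSurvey code. Field names are hypothetical.

/** Count name=value pairs in an application/x-www-form-urlencoded body. */
function count_body_fields(string $rawBody): int
{
    return count(array_filter(explode('&', $rawBody), 'strlen'));
}

/** Return the pairs PHP would keep: parsing stops after $maxInputVars. */
function kept_fields(string $rawBody, int $maxInputVars): array
{
    $pairs = array_values(array_filter(explode('&', $rawBody), 'strlen'));
    return array_slice($pairs, 0, $maxInputVars);
}

/** True when a named field survives the max_input_vars cut-off. */
function field_survives(string $rawBody, int $maxInputVars, string $name): bool
{
    foreach (kept_fields($rawBody, $maxInputVars) as $pair) {
        if (urldecode(explode('=', $pair, 2)[0]) === $name) {
            return true;
        }
    }
    return false;
}

// Constructed sample: 54 answers x 10 languages x 2 fields per answer,
// followed by a hypothetical session token as the last field of the form.
$pairs = [];
foreach (range(1, 10) as $lang) {
    foreach (range(1, 54) as $answer) {
        $pairs[] = "code_{$lang}_{$answer}={$answer}";
        $pairs[] = "answer_{$lang}_{$answer}=" . urlencode("Age {$answer}");
    }
}
$pairs[] = 'session_token=constructed-value';
$body = implode('&', $pairs);

foreach ([1000, 5000] as $limit) { // 1000 is PHP's default max_input_vars
    printf(
        "max_input_vars=%d fields_sent=%d truncated=%s token_received=%s\n",
        $limit,
        count_body_fields($body),
        count_body_fields($body) > $limit ? 'yes' : 'no',
        field_survives($body, $limit, 'session_token') ? 'yes' : 'no'
    );
}
```

In a live request the same comparison can be made with `file_get_contents('php://input')` and `(int) ini_get('max_input_vars')`; `php://input` is not available for multipart/form-data posts. When the limit is hit, PHP also writes an "Input variables exceeded" warning to its error log, which is the quickest thing to check first.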