TOPIC: Error: Bad Request, CSRF Token

Error: Bad Request, CSRF Token 5 months 2 weeks ago #107147

  • DenisChenu
I tried myself with:
php_value session.cookie_domain ".sondages.pro"
But without any other modification, LimeSurvey works great too.

But the YII_CSRF cookie is set for limesurvey.sondages.pro.
I think there is another restriction for all your cookies, not only your session cookie.

You can set your CSRF cookie domain too. Try this in config.php:
'request' => array(
    'csrfCookie' => array( 'domain' => '.sciences-po.fr' )
),
(I think you can leave the session cookie set to .sciences-po.fr. I don't know what happened with the 'Time' cookie.)

If you have more information on your server, and why a cookie with a subdomain cannot be set. Maybe you have another Yii elsewhere?

Denis

PS: last chance: update internal.php
'enableCsrfValidation'=>false,    // CSRF protection
Last Edit: 5 months 2 weeks ago by DenisChenu.
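
The cookie scoping discussed in the post above, as an added example that is not part of the original post or of LimeSurvey's code: it models the RFC 6265 domain-match rule for a session cookie set with Domain .sondages.pro and a CSRF cookie left host-only on limesurvey.sondages.pro. The cookie labels "session" and "csrf" and the host survey2.sondages.pro are constructed for illustration.

```javascript
// RFC 6265 section 5.1.3 domain-match. Hostnames only: IP addresses and the
// browser's public-suffix check are not modelled here.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// How a browser stores a cookie set by `setterHost`. Returns null if rejected.
function storeCookie(name, setterHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to the exact host only.
    return { name, domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot ignored
  if (!domainMatch(setterHost, domain)) return null; // setter is outside Domain
  return { name, domain, hostOnly: false };
}

// Names of the stored cookies a browser attaches to a request for `requestHost`.
function cookiesSentTo(jar, requestHost) {
  const host = requestHost.toLowerCase();
  return jar
    .filter((c) => c !== null)
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map((c) => c.name);
}

// Scenario from the thread: session cookie widened to .sondages.pro, CSRF
// cookie left host-only on limesurvey.sondages.pro.
const APP = "limesurvey.sondages.pro";
const SIBLING = "survey2.sondages.pro"; // constructed second installation
const jar = [
  storeCookie("session", APP, ".sondages.pro"),
  storeCookie("csrf", APP, undefined),
];

for (const host of [APP, SIBLING]) {
  console.log(host, "receives", cookiesSentTo(jar, host).join(", ") || "nothing");
}
// A Domain the setting host does not belong to is dropped by the browser.
console.log("rejected:", storeCookie("session", APP, "cdsp.sciences-po.fr") === null);
```

With the session cookie widened to the parent domain, every sibling subdomain receives it, while the host-only CSRF cookie stays on the one host that set it.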

Error: Bad Request, CSRF Token 5 months 1 week ago #107236

  • zobbyzobba
Hi,

Forcing the CSRF domain does not help :(

Deactivating CSRF gives me an error page which says that my session is expired, all the time, even if my cookie cache is cleared.

If you have more information on your server, and why cookie with subdomain can not be set. Maybe you have another Yii elsewhere?

My server is running Apache 2.2 with PHP 5.5.9, I don't have other Yii applications, but I have a Piwik and a personal PHP site which are working great and use PHP sessions and cookies like Limesurvey.

Error: Bad Request, CSRF Token 5 months 1 week ago #107320

  • DenisChenu
I tested with 2 installations and cookie domain .sondages.pro: this breaks the whole system.

Can you test adding this in your .htaccess:
php_value session.cookie_domain "cdsp.sciences-po.fr"

Error: Bad Request, CSRF Token 5 months 1 week ago #107335

  • zobbyzobba
Hi Denis,

Thanks for the answer!

Unfortunately, this doesn't solve the problem :unsure:
in /limesurvey/path/.htaccess

Is this the right .htaccess?

Moreover, the domain cookie does not change in phpinfo() with this setting.
Should I remove what I've put in config.php if I put this in .htaccess?

Best Regards,
Last Edit: 5 months 1 week ago by zobbyzobba.

Error: Bad Request, CSRF Token 5 months 1 week ago #107342

  • DenisChenu
Hi,

Not sure, testing some systems, and you don't have the same system as me ....
Cannot find a real fix here ....

PS: do you have suhosin on this server? If yes: deactivate it. (simulation on)
Last Edit: 5 months 1 week ago by DenisChenu.

Error: Bad Request, CSRF Token 2 months 1 week ago #110830

  • Renier
Hi Denis

I am experiencing the same / similar problem: "Bad Request - The CSRF token could not be verified".
The problem is that my client is experiencing this intermittently when submitting pages (which generally have fewer than 10 answers on them).
We also don't get the problem on the same page.

From 1200 people, 350 completed successfully and only 35 complained about the error.
The problem however is that it is still a significant number of people.

Please can you give me an idea what I could look for, or how I could go about troubleshooting this problem?

The survey uses TOKENS
Allow multiple responses or update responses with one token = NO
Enable token-based response persistence = YES
We are using Version 2.05+ Build 140618

Regards
Renier

Error: Bad Request, CSRF Token 2 months 5 days ago #110919

  • DenisChenu
Hi,

Surely some session issue?

1st idea: uncomment the database session example in your config.php
2nd idea: Disable CSRF validation: manual.limesurvey.org/Optional_settings#Request_settings