Welcome to the LimeSurvey Community Forum
Error: Bad Request, CSRF Token
10 years 3 weeks ago #107096
by zobbyzobba
Error: Bad Request, CSRF Token was created by zobbyzobba
Hi everyone,
When we try to do a survey, after clicking the first "Next" button on the Welcome screen, we get the error:
Bad Request
The CSRF token could not be verified.
The request could not be understood by the server due to malformed syntax. blah blah...
I have the latest stable version, 2.05+ build 140320. This only appears when we're not logged in to the admin console.
Using an invitation or not has the same result.
There are no PHP errors in the Apache logs.
I've already read this wiki page: manual.limesurvey.org/Troubleshooting#Af...d_not_be_verified.27
But it doesn't solve the problem...
It might be some server config stuff, but I don't know what...
Do you have any ideas to help me?
Best Regards
The topic has been locked.
10 years 3 weeks ago #107101
by DenisChenu
Assistance on the LimeSurvey forum and LimeSurvey core development are in my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development.
I don't answer private messages.
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
Hi,
Did you try with the default template?
10 years 3 weeks ago #107107
by zobbyzobba
Replied by zobbyzobba on topic Error: Bad Request, CSRF Token
Hello,
Yes, I'm trying from a fresh install, with a basic survey and the default template.
Sorry, I forgot to specify that.
I'm really lost with this problem.
10 years 3 weeks ago #107111
by DenisChenu
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
Can you give us a link to test?
10 years 3 weeks ago #107112
by zobbyzobba
Replied by zobbyzobba on topic Error: Bad Request, CSRF Token
Yep, you can try this one:
cdsp.sciences-po.fr/limesurvey2/index.ph...s6ckrivweq3a/lang/en
(Link is from the mail invitation)
10 years 3 weeks ago - 10 years 3 weeks ago #107113
by DenisChenu
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
Hi,
Strange: the phpadmin session cookie is set for .sciences-po.fr and /
Not for cdsp.sciences-po.fr
I think the problem is here.
I never tested 'global domain cookie'.
Maybe you can try:
www.yiiframework.com/wiki/135/single-sig...multiple-subdomains/
Last edit: 10 years 3 weeks ago by DenisChenu.
10 years 3 weeks ago #107133
by zobbyzobba
Replied by zobbyzobba on topic Error: Bad Request, CSRF Token
Hello,
You've pointed out the right problem!
I've set your code in config.php. It seems to be applied in phpinfo, but it doesn't solve the problem.
I have a question: should the cookie path be /limesurvey in my case?
I put this in config.php:
Code:
'session' => array(
    'savePath' => '/my/path/to/limesurvey2/tmp/sessions/',
    'cookieMode' => 'allow',
    'cookieParams' => array(
        'path' => '/limesurvey2',
        'domain' => 'cdsp.sciences-po.fr',
        'httpOnly' => true,
    ),
),
I've also tried with "/" in the path variable.
This doesn't work.
BUT, I've modified my php.ini with:
session.cookie_path = /limesurvey2
session.cookie_domain = cdsp.sciences-po.fr
And this solved my problem! Now surveys are all accessible, no CSRF errors.
But the setting is global, and LimeSurvey is not my only PHP application... the PHP site at / now has PHP session troubles.
I need to find a way to make this work locally for the LimeSurvey site.
I don't know why it doesn't work with the config in config.php, even though the settings are visible in LimeSurvey's phpinfo.
Thanks for this progress.
Hope to solve this soon...
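The cookie scoping discussed in this thread, as an added example that is not part of any post and is not LimeSurvey or Yii code: it applies the RFC 6265 domain and path matching rules to decide whether a token cookie is returned on the survey POST, then runs a double-submit comparison of the kind Yii's CSRF validation performs. The host `cdsp.example.org`, the URL, the token value and all function names are constructed for illustration; `YII_CSRF_TOKEN` is assumed to be Yii's default token name.

```javascript
// Added illustration, not LimeSurvey or Yii source code.
// RFC 6265 5.1.3: a host matches the cookie domain or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// RFC 6265 5.1.4: paths match when equal or prefixed at a "/" boundary.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Cookies a browser attaches to a request, longest path first (RFC 6265 5.4).
function cookiesSent(jar, url) {
  const { hostname, pathname } = new URL(url);
  return jar
    .filter(c => domainMatch(hostname, c.domain) && pathMatch(pathname, c.path))
    .sort((a, b) => b.path.length - a.path.length);
}

// Double-submit check: a token cookie that never comes back fails like a forgery.
function csrfValid(jar, url, postedToken, name = 'YII_CSRF_TOKEN') {
  const sent = cookiesSent(jar, url).find(c => c.name === name);
  return sent !== undefined && sent.value === postedToken;
}

// Constructed sample: example.org stands in for the real host.
const SURVEY_URL = 'https://cdsp.example.org/limesurvey2/index.php/survey/index';
const TOKEN = 'constructed-token-value';
const scopes = {
  hostAndAppPath: { domain: 'cdsp.example.org', path: '/limesurvey2' },
  parentDomain:   { domain: '.example.org',     path: '/' },
  wrongPath:      { domain: 'cdsp.example.org', path: '/limesurvey' },
  otherHost:      { domain: 'www.example.org',  path: '/' },
};

// For each scope, would the survey POST pass the check?
function evaluateScopes() {
  const result = {};
  for (const [label, scope] of Object.entries(scopes)) {
    const jar = [{ name: 'YII_CSRF_TOKEN', value: TOKEN, ...scope }];
    result[label] = csrfValid(jar, SURVEY_URL, TOKEN);
  }
  return result;
}
console.log(evaluateScopes());
```

The `parentDomain` scope passes here, but that cookie is also returned to every other `*.example.org` host, so a host-and-path scope set per application is the narrower choice. The `wrongPath` case fails because `/limesurvey` is a string prefix of `/limesurvey2` without ending at a `/` boundary.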
10 years 3 weeks ago - 10 years 3 weeks ago #107139
by DenisChenu
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
Not:
'domain' => 'cdsp.sciences-po.fr',
but
'domain' => '.sciences-po.fr',
I think the domain is set somewhere in your Apache config. You can't update it in the LimeSurvey config. But MAYBE you can set the LimeSurvey config to use the right domain.
Denis
PS: try using:
Last edit: 10 years 3 weeks ago by DenisChenu.
10 years 3 weeks ago #107140
by DenisChenu
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
Another alternative: use DB sessions (uncomment that part in the config.php file).
10 years 3 weeks ago #107146
by zobbyzobba
Replied by zobbyzobba on topic Error: Bad Request, CSRF Token
Hi,
I've tried with exactly your code; it doesn't work any better.
I also tried with DB sessions: the table lime_sessions is populated, but it's still the same problem.
The only thing that I've changed and which "solved" my problem is the cookie path. Do you think we should look in that direction?
I'm reading docs about this parameter, but all I read is the contrary of what happens on my server.
10 years 3 weeks ago - 10 years 3 weeks ago #107147
by DenisChenu
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
I tried it myself with:
Code:
php_value session.cookie_domain ".sondages.pro"
But without any other modification, LimeSurvey works great too.
But the YII_CSRF cookie is set for limesurvey.sondages.pro.
I think there is another restriction on all your cookies, not only your session cookie.
You can set your CSRF cookie domain too. Try this in config.php (I think you can leave the session cookie on .sciences-po.fr). I don't know what happened to the 'Time' cookie.
If you have more information on your server, and why a cookie with a subdomain cannot be set. Maybe you have another Yii elsewhere?
Denis
PS: last chance: update internal.php
Code:
'enableCsrfValidation'=>false, // CSRF protection
Last edit: 10 years 3 weeks ago by DenisChenu.
10 years 2 weeks ago #107236
by zobbyzobba
Replied by zobbyzobba on topic Error: Bad Request, CSRF Token
Hi,
Forcing the CSRF domain doesn't help.
Deactivating CSRF gives me an error page which says that my session is expired, all the time. Even if my cookie cache is cleared.
My server is running Apache 2.2 with PHP 5.5.9. I don't have other Yii applications, but I have a Piwik and a personal PHP site which are working great and use PHP sessions and cookies like LimeSurvey.