CSRF attack suspected

Mehr
3 Jahre 11 Monate her #104927 von cmerasys
cmerasys erstellte das Thema CSRF attack suspected
Hello,

we're using LimeSurvey for a while and have now an issue.
It's not possible to edit some answers of a question.

It always displays:

Security alert: Someone may be trying to use your LimeSurvey session (CSRF attack suspected). If you just clicked on a malicious link, please report this to your system administrator. Also the problem can occur when your are working/editing in LimeSurvey in several browsers/tabs at the same time.


Facts are:
1) Our limesurvey installation is accessed by https, so I would say it's unlikely to have a real CSRF attack
2) Two users with different accounts work simutanouesly on a survey.
3) But even if they log out and I as a third person try to edit the respective question, I'll get this error
4) The answers are numbers (ages) - 54 different ones. The last one is, depending on the language, something with more text or e.g. "71+"

We're running Version 1.91+ Build 120302.
Would be great if somebody of you could help.

Thanks in advance!

Best regards,
Christian

Bitte Anmelden um an der Konversation teilzunehmen.

Mehr
3 Jahre 11 Monate her #105027 von cmerasys
cmerasys antwortete auf das Thema: CSRF attack suspected
Problem solved.

We decided to make an update and thought this would fix the problem.
We updated to version Version 2.05+ Build 140212.

The problem still occured.
We could fix it then by

1) Deleting cookies & caches on the browsers used
2) Setting the number of max_input_vars in the php.ini to a high value. This is necessary because if you have a lot of answers in a lot of languages, this max value might be reached, because all answers of each language will be loaded into one form - eventhough only one language is being displayed at a time.

#2 definately fixed the problem.

Bitte Anmelden um an der Konversation teilzunehmen.

Jetzt loslegen!

Melden Sie sich jetzt an, und erstellen Sie in wenigen Minuten Ihre erste Umfrage.

Account einrichten

Abonnieren Sie unseren Newsletter

Abonnieren Sie unseren Newsletter für alle Neuigkeiten rund um LimeSurvey
captcha