- Posts: 13648
- Thank you received: 2491
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Error: Bad Request, CSRF Token
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
10 years 2 weeks ago #107320
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
I test with 2 installation and cookie domaine .sondages.pro : this break all system.
Can you test adding this in your .htaccess:
php_value session.cookie_domain "cdsp.sciences-po.fr"
Can you test adding this in your .htaccess:
php_value session.cookie_domain "cdsp.sciences-po.fr"
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- zobbyzobba
- Topic Author
- Offline
- New Member
Less
More
- Posts: 10
- Thank you received: 0
10 years 2 weeks ago - 10 years 2 weeks ago #107335
by zobbyzobba
Replied by zobbyzobba on topic Error: Bad Request, CSRF Token
Hi Denis,
Thanks for the answer!
Unfortunately, this don't solve the problem
in /limesurvey/path/.htaccess
This is the right .htaccess?
Moreover, the domain cookie not change in phpinfo() with this setting.
Should I remove what I've put in config.php if I put this in .htaccess?
Best Regards,
Thanks for the answer!
Unfortunately, this don't solve the problem
in /limesurvey/path/.htaccess
This is the right .htaccess?
Moreover, the domain cookie not change in phpinfo() with this setting.
Should I remove what I've put in config.php if I put this in .htaccess?
Best Regards,
Last edit: 10 years 2 weeks ago by zobbyzobba.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13648
- Thank you received: 2491
10 years 2 weeks ago - 10 years 2 weeks ago #107342
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
Hi,
Not sure , testing some system, and you don't have same system than me ....
Can not find a real fix here ....
PS: did you have suhosin on this server ? If yes : deactivate it. (simulation on)
Not sure , testing some system, and you don't have same system than me ....
Can not find a real fix here ....
PS: did you have suhosin on this server ? If yes : deactivate it. (simulation on)
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Last edit: 10 years 2 weeks ago by DenisChenu.
The topic has been locked.
- Renier
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
9 years 9 months ago #110830
by Renier
Replied by Renier on topic Error: Bad Request, CSRF Token
Hi Dennis
I am experiencing the same / similar problem "Bad Request - The CSRF token could not be verified"
The problem is that my client is experiencing this intermittently when submitting pages. (which generally has less than 10 answers on)
We also don't get the problem on the same page.
From 1200 people, 350 completed successfully and only 35 complained about the error.
The problem however is that it is still a significant amount of people.
Please can you give me a idea what I could look for, or how I could go about troubleshooting this problem?
The survey uses TOKENS
Allow multiple responses or update responses with one token = NO
Enable token-based response persistence = YES
We are using Version 2.05+ Build 140618
Regards
Renier
I am experiencing the same / similar problem "Bad Request - The CSRF token could not be verified"
The problem is that my client is experiencing this intermittently when submitting pages. (which generally has less than 10 answers on)
We also don't get the problem on the same page.
From 1200 people, 350 completed successfully and only 35 complained about the error.
The problem however is that it is still a significant amount of people.
Please can you give me a idea what I could look for, or how I could go about troubleshooting this problem?
The survey uses TOKENS
Allow multiple responses or update responses with one token = NO
Enable token-based response persistence = YES
We are using Version 2.05+ Build 140618
Regards
Renier
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13648
- Thank you received: 2491
9 years 9 months ago #110919
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
Hi,
Surely some session issue ?
1st idea: uncomment the database session example in your config.php
2nd idea : Disable CRSF validation : manual.limesurvey.org/Optional_settings#Request_settings
Surely some session issue ?
1st idea: uncomment the database session example in your config.php
2nd idea : Disable CRSF validation : manual.limesurvey.org/Optional_settings#Request_settings
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- id_wahyu
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
8 years 1 month ago #133352
by id_wahyu
Replied by id_wahyu on topic Error: Bad Request, CSRF Token
Hi Denis.
I got the "Bad Request CSRF token.." as well. And tried follow the link you provided, try to find it at config.php but failed, I can't find that CSRF part at the config.php
I may open the wrong config.php. Please let me know in which folder that config.php that contain CSRF?
Many thanks
Iwan Wahyu
I got the "Bad Request CSRF token.." as well. And tried follow the link you provided, try to find it at config.php but failed, I can't find that CSRF part at the config.php
I may open the wrong config.php. Please let me know in which folder that config.php that contain CSRF?
Many thanks
Iwan Wahyu
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13648
- Thank you received: 2491
8 years 1 month ago #133359
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
You must ADD this part to your config.php.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The following user(s) said Thank You: id_wahyu
The topic has been locked.
- JamLizzy101
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
7 years 4 months ago #145735
by JamLizzy101
Replied by JamLizzy101 on topic Error: Bad Request, CSRF Token
Hi Denis
I was looking at this post with your response as I am going through I think the same issue here. We have LimeSurvey set up on the following domain like so: media5.co.za/limesurvey
I created on DNS server a forwarding sub-domain shortsurveys.talkinsight.com with masking so the url - http://media5/limesurvey would then show as shortsurveys.talkinsight.com
I deduced that the issue revolving around getting the message below was the fact that the framework is getting muddled up by the domain name as it knows it is media5.co.za as what is provided by the server and not shortsurveys.talkinsights.com:-
Bad Request
The CSRF token could not be verified
I saw your response to this post. I made a text addition to my config file, bt before adding this, would the below text be ok for what I had described for this to work? :-
'components' => array(
'session' => array(
'savePath' => '/limesurvey',
'cookieMode' => 'allow',
'cookieParams' => array(
'path' => '/',
'domain' => '.talkinsights.com',
'httpOnly' => true,
),
I was looking at this post with your response as I am going through I think the same issue here. We have LimeSurvey set up on the following domain like so: media5.co.za/limesurvey
I created on DNS server a forwarding sub-domain shortsurveys.talkinsight.com with masking so the url - http://media5/limesurvey would then show as shortsurveys.talkinsight.com
I deduced that the issue revolving around getting the message below was the fact that the framework is getting muddled up by the domain name as it knows it is media5.co.za as what is provided by the server and not shortsurveys.talkinsights.com:-
Bad Request
The CSRF token could not be verified
I saw your response to this post. I made a text addition to my config file, bt before adding this, would the below text be ok for what I had described for this to work? :-
'components' => array(
'session' => array(
'savePath' => '/limesurvey',
'cookieMode' => 'allow',
'cookieParams' => array(
'path' => '/',
'domain' => '.talkinsights.com',
'httpOnly' => true,
),
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11660
- Thank you received: 2742
7 years 4 months ago - 7 years 4 months ago #145737
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Error: Bad Request, CSRF Token
Offtopic: You might want to revise the text on media5.co.za:
So what you are currently saying is that visitors to your website are "one stop digital agency"?
I assume what you actually want to say is "Your one stop digital agency" I guess?
YOU'RE ONE STOP DIGITAL AGENCY.
So what you are currently saying is that visitors to your website are "one stop digital agency"?
I assume what you actually want to say is "Your one stop digital agency" I guess?
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Last edit: 7 years 4 months ago by holch.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13648
- Thank you received: 2491
7 years 4 months ago #145747
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Error: Bad Request, CSRF Token
'savePath' => '/limesurvey', : remove this : let the the default if it's OK.
I test more with
'path' => '/',
'domain' => 'shortsurveys.talkinsights.com',
but in fact : i'm unsure : depend a lot of server. This can be a broken sessionPath (but you surely don't have the right on /limesurvey directory on server.
I test more with
'path' => '/',
'domain' => 'shortsurveys.talkinsights.com',
but in fact : i'm unsure : depend a lot of server. This can be a broken sessionPath (but you surely don't have the right on /limesurvey directory on server.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- Mazi
- Offline
- Official LimeSurvey Partner
7 years 4 months ago #145859
by Mazi
Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support: survey-consulting.com
Contact: marcel.minke(at)survey-consulting.com
Replied by Mazi on topic Error: Bad Request, CSRF Token
JamLizzy101, some questions to track this down:
1. Does the problem show up at every survey session?
2. Can you check if the session (and maybe cookie) gets set up correctly when starting the survey and that there is a session file created at the appropriate folder?
3. Which exact Limesurvey version do you use?
1. Does the problem show up at every survey session?
2. Can you check if the session (and maybe cookie) gets set up correctly when starting the survey and that there is a session file created at the appropriate folder?
3. Which exact Limesurvey version do you use?
Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support: survey-consulting.com
Contact: marcel.minke(at)survey-consulting.com
The topic has been locked.