The CSRF token could not be verified.

9 years 3 months ago - 9 years 3 months ago #115605 by joost1982
The CSRF token could not be verified. was created by joost1982
Hi there,

I've created a closed survey with tokens and invited some people. I can see responses coming in, but one user emailed me that he cannot log in. The error he got:

-- begin error --
Bad request.
The CSRF token could not be verified.

The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications.
If you think this is a server error, please contact the webmaster.
-- end error --

Can someone explain to me what is going on here?
9 years 3 months ago #115614 by DenisChenu
Replied by DenisChenu on topic The CSRF token could not be verified.
Hi,

For security, we enable Cross-site Request Forgery Prevention from Yii.

There is a CSRF token in the $_SESSION and the same CSRF token in the HTML page (in a hidden input).

It works, but can break in some conditions: the user deactivates all cookies, even $_SESSION cookies; see bug: bugs.limesurvey.org/view.php?id=9093

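The mechanism described in the reply above, as an added example that is not part of the original thread and is not LimeSurvey or Yii code: a small Python model of a session-bound token compared against the hidden form field, showing why a browser that refuses the session cookie gets the 400 error. The names `Server`, `submit` and `forged_submit` are hypothetical, and all values are generated at run time.

```python
import hmac
import secrets


class Server:
    """Toy server: session store keyed by the session-cookie value (hypothetical model)."""

    def __init__(self):
        self.sessions = {}  # session id -> {"csrf": token}

    def _session(self, cookie):
        # Missing or unknown cookie: start a fresh session with a fresh token.
        if cookie not in self.sessions:
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = {"csrf": secrets.token_hex(32)}
        return cookie, self.sessions[cookie]

    def get_form(self, cookie=None):
        """Render the form: returns (session cookie to set, token for the hidden input)."""
        cookie, sess = self._session(cookie)
        return cookie, sess["csrf"]

    def post_form(self, cookie, hidden_token):
        """Return 200 if the hidden token matches the session token, else 400."""
        _, sess = self._session(cookie)
        # Constant-time comparison of the two copies of the token.
        ok = hmac.compare_digest(sess["csrf"], hidden_token or "")
        return 200 if ok else 400


def submit(server, accepts_cookies):
    """Simulate a browser loading the survey page and then posting the form."""
    set_cookie, hidden = server.get_form()
    # A browser with cookies disabled never sends the session cookie back,
    # so the POST lands in a brand-new session holding a different token.
    sent_cookie = set_cookie if accepts_cookies else None
    return server.post_form(sent_cookie, hidden)


def forged_submit(server):
    """Cross-site POST: the session cookie is attached, but the page that
    built the request could not read the hidden token (constructed case)."""
    session_cookie, _ = server.get_form()
    return server.post_form(session_cookie, "")


if __name__ == "__main__":
    print("cookies enabled :", submit(Server(), True))
    print("cookies disabled:", submit(Server(), False))
    print("forged request  :", forged_submit(Server()))
```

The cookie-less browser and the forged request fail the same way, which is why the affected participant sees "The CSRF token could not be verified." until session cookies are allowed for the survey site.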
