Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Token mismatch with an android browser

  • Csurvey
  • Csurvey's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
7 years 9 months ago #136838 by Csurvey
Hello,
i have some issues with a questionnaire.
The access is restricted by a token; after accessing, the first group of question is well displayed but after completion and clicking next,
a user reported the error message "token mismatch
The token you provided doesn't match the one in your sessions. Please wait to begin with a new session"
It seems to appear on an android tablet. I made a test with an other android device and did not get the message.

Lime survey is the Version 2.00+ Build 130406 (i can not update the installation, i have only an account on the servor).
The following parameter is on the link to the survey ....index/sid/numberofthequestionaire/newtest/Y/lang-fr

Even after closing the browser, and login one more time the same error message for the user

Many thanks by advance for your help.

Best,
Chris
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
7 years 9 months ago #136865 by DenisChenu
Replied by DenisChenu on topic Token mismatch with an android browser
I think this old version can have bug according to capitalize in token.

What is the token code ?

Denis

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
  • Csurvey
  • Csurvey's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
7 years 9 months ago #136889 by Csurvey
Replied by Csurvey on topic Token mismatch with an android browser
Hello Denis,
the token is manually created and embodies a series of numberLetterinUppercaseNormalcase@ (there is an alphanumerical character like @ or -
at the end, as in LS documentation it is indicated that these characters are allowed).
I have tried with many browser and never had this problem, since the parameter newest has been in the link.

I have more information now : the user use a Samsung Tab with Chrome. Once the link to the questionnaire is clicked, the first page with the first group of question load, once the response is filled, after clicking next, there is the "token mismatch" message.

I tried to use this token on a samsung phone with chrome and did not get that same message. I tried to load the group/first page of question, go to the second and then to erase the response, i got the same message, but was able to erase by actualizing the windows ...

Many thanks for your help,
Best,
Chris
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
7 years 9 months ago #136892 by DenisChenu
Replied by DenisChenu on topic Token mismatch with an android browser

n LS documentation it is indicated that these characters are allowed).

Yes : but it's indicated too : allways use the lastest build. 2.00 is clearly an outdated version and buil.

In 2.00 : if you token code is AbA, and your user enter aba : it's seems to be accepted BUT broke with this behaviour (with mysql).

Denis

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
7 years 9 months ago #136908 by holch
Replied by holch on topic Token mismatch with an android browser
What is strange is that it happens only after the first page. So Limesurvey clearly recognizes the token.

I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
7 years 9 months ago #136911 by DenisChenu
Replied by DenisChenu on topic Token mismatch with an android browser

holch wrote: What is strange is that it happens only after the first page. So Limesurvey clearly recognizes the token.

In 2.00 : if you token code is AbA, and your user enter aba : it's seems to be accepted BUT broke with this behaviour (with mysql).

We search for token with mysql : abA is same than aba : we say it's OK.

But after we test real token with token in session "abA"!="aba"

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
7 years 9 months ago #136920 by holch
Replied by holch on topic Token mismatch with an android browser
Well, the installation is running a pretty old version of LS anyway. This should definitely be upgraded to at least 2.06 LTS.

I don't get why people don't do updates. It doesn't need to be the current daily updates, but this one hasn't been updated for 3 years now.

I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

The topic has been locked.
  • Csurvey
  • Csurvey's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
7 years 9 months ago #136921 by Csurvey
Replied by Csurvey on topic Token mismatch with an android browser
Thank you Denis and Holch,
actually the first page loaded, and as i tried to understand, i made some test.

After loading the first page, the message appears if i try to erase the response/confirm. In the url the token is passed improperly, the last caracter (special like @ is missing), but forcing to actualize the navigator seem to fix the problem as i get the window for coming back to questionnaire or exit. I remember that i had somme issue to manually fill the token with the "special caracter", and had to go to the base to add it manually. So i verified if this caracters was allowed.
But as it logged well, and i tried on many browser, i thought it was ok.

For updating the version, unfortunately i have no potential in my institution, i would see if i can advertise about that sort of problem.

Would you recommend i stop using uppercase and special caracter for token ?

many thanks.

best,
Chris
The topic has been locked.
  • holch
  • holch's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
7 years 9 months ago #136928 by holch
Replied by holch on topic Token mismatch with an android browser
If it seems that the "@" is causing this, go with a simple combination of letters and numbers. It is not that you have a highly confidential information in the survey, right? Because first someone would need to know the URL, then would need to make an attack with trying thousands of combinations. Who will do that for a survey?

And I really recommend that your institution updates its LS install to 2.06 LTS (2.5, while labled stable still has a few hickups, so I would wait a little bit with that for production servers). LS has come a long way and it has improved considerably since during the last 3 years. And of course this old version doesn't received security updates. With the ComfortUpdate it has become quite easy to update LS as well.

I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

The topic has been locked.
  • Csurvey
  • Csurvey's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
7 years 9 months ago #137289 by Csurvey
Replied by Csurvey on topic Token mismatch with an android browser
Hello Holch,
sorry for my delayed response.

Many thanks for your help and all the informations.

Best,
Chris.
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose