CSRF attack suspected
4 years 2 months ago #104927
by cmerasys
cmerasys created the topic: CSRF attack suspected
Hello,
We've been using LimeSurvey for a while and now have an issue.
It's not possible to edit some answers of a question.
It always displays:
Security alert: Someone may be trying to use your LimeSurvey session (CSRF attack suspected). If you just clicked on a malicious link, please report this to your system administrator. Also the problem can occur when your are working/editing in LimeSurvey in several browsers/tabs at the same time.
Facts are:
1) Our LimeSurvey installation is accessed by https, so I would say it's unlikely to have a real CSRF attack
2) Two users with different accounts work simultaneously on a survey.
3) But even if they log out and I as a third person try to edit the respective question, I'll get this error
4) The answers are numbers (ages) - 54 different ones. The last one is, depending on the language, something with more text or e.g. "71+"
We're running Version 1.91+ Build 120302.
Would be great if somebody of you could help.
Thanks in advance!
Best regards,
Christian
4 years 2 months ago #105027
by cmerasys
cmerasys replied the topic: CSRF attack suspected
Problem solved.
We decided to make an update and thought this would fix the problem.
We updated to Version 2.05+ Build 140212.
The problem still occurred.
We could fix it then by
1) Deleting cookies & caches on the browsers used
2) Setting the number of max_input_vars in the php.ini to a high value. This is necessary because if you have a lot of answers in a lot of languages, this max value might be reached, because all answers of each language will be loaded into one form - even though only one language is being displayed at a time.
#2 definitely fixed the problem.
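
An added illustration, not part of the original posts and not LimeSurvey code: this Python sketch models the truncation described in the reply above. PHP stops importing request variables once max_input_vars is reached (1000 by default), so a field submitted late in a large form never reaches the application. The field names, the four fields per answer, the five languages, and the session token sitting last in the form are assumptions made for the example.

```python
from urllib.parse import urlencode, parse_qsl

PHP_DEFAULT_MAX_INPUT_VARS = 1000  # PHP's shipped default for max_input_vars


def build_answer_form(n_answers, languages, fields_per_answer=4,
                      token_field="session_token"):
    """Constructed form body: every language's answers, then the token last.

    Field names and fields_per_answer are hypothetical, chosen only to
    reproduce the shape of an "edit answers" form that carries all languages.
    """
    pairs = []
    for lang in languages:
        for i in range(n_answers):
            for f in range(fields_per_answer):
                pairs.append((f"answer_{lang}_{i}_{f}", "x"))
    pairs.append((token_field, "constructed-token-value"))
    return urlencode(pairs)


def php_import(body, max_input_vars=PHP_DEFAULT_MAX_INPUT_VARS):
    """Model of PHP request parsing: variables past the limit are discarded."""
    pairs = parse_qsl(body, keep_blank_values=True)
    kept = dict(pairs[:max_input_vars])
    dropped = max(0, len(pairs) - max_input_vars)
    return kept, dropped


def diagnose(n_answers, languages,
             max_input_vars=PHP_DEFAULT_MAX_INPUT_VARS,
             token_field="session_token"):
    """Report how many fields were sent, dropped, and whether the token arrived."""
    body = build_answer_form(n_answers, languages, token_field=token_field)
    received, dropped = php_import(body, max_input_vars)
    return {
        "sent": len(received) + dropped,
        "dropped": dropped,
        "token_received": token_field in received,
    }


if __name__ == "__main__":
    # 54 answers as in the thread; the language lists are constructed.
    print(diagnose(54, ["en", "de"]))
    print(diagnose(54, ["en", "de", "fr", "es", "it"]))
    print(diagnose(54, ["en", "de", "fr", "es", "it"], max_input_vars=5000))
```

When the token is among the dropped fields, the server cannot match it against the session, and the request is indistinguishable from a forged one, which is consistent with the alert appearing for every user regardless of cookies.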