CSRF attack suspected

4 years 1 week ago #104927 by cmerasys
cmerasys created the topic: CSRF attack suspected

We have been using LimeSurvey for a while and now have an issue.
It's not possible to edit some answers of a question.

It always displays:

Security alert: Someone may be trying to use your LimeSurvey session (CSRF attack suspected). If you just clicked on a malicious link, please report this to your system administrator. Also the problem can occur when your are working/editing in LimeSurvey in several browsers/tabs at the same time.

Facts are:
1) Our LimeSurvey installation is accessed by HTTPS, so I would say it's unlikely to have a real CSRF attack
2) Two users with different accounts work simultaneously on a survey.
3) But even if they log out and I as a third person try to edit the respective question, I'll get this error
4) The answers are numbers (ages) - 54 different ones. The last one is, depending on the language, something with more text or e.g. "71+"

We're running Version 1.91+ Build 120302.
It would be great if one of you could help.

Thanks in advance!

Best regards,


4 years 1 week ago #105027 by cmerasys
cmerasys replied the topic: CSRF attack suspected
Problem solved.

We decided to make an update and thought this would fix the problem.
We updated to Version 2.05+ Build 140212.

The problem still occurred.
We could then fix it by

1) Deleting cookies & caches on the browsers used
2) Setting the number of max_input_vars in the php.ini to a high value. This is necessary because if you have a lot of answers in a lot of languages, this max value might be reached, because all answers of each language will be loaded into one form - even though only one language is being displayed at a time.

#2 definitely fixed the problem.
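
Why reaching the limit in fix 2 can show up as a CSRF alert, as an added example that is not part of the original posts and not LimeSurvey's code: PHP drops request variables beyond `max_input_vars`, so a token field near the end of a very large form never reaches the check. The field names, the 20 languages, the token sitting last in the form, and the truncation model are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlencode, parse_qsl

PHP_DEFAULT_MAX_INPUT_VARS = 1000  # default value documented for PHP


def build_answer_form(n_answers, languages, token):
    """Constructed edit form: one text field per answer per language.
    Field names are made up; the token being the last field is an assumption."""
    fields = [(f"answer_{lang}_{i}", f"label {i}")
              for lang in languages for i in range(1, n_answers + 1)]
    fields.append(("csrf_token", token))
    return urlencode(fields)


def php_style_parse(body, max_input_vars):
    """Simplified model of PHP input parsing: keep the first max_input_vars
    variables and drop everything after them (PHP also logs a warning)."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return dict(pairs[:max_input_vars]), len(pairs)


def csrf_check(post, session_token):
    """Token comparison as a CSRF filter would do it; a missing field fails."""
    return hmac.compare_digest(post.get("csrf_token", ""), session_token)


def submit(n_answers, languages, max_input_vars, token="constructed-token"):
    """Return (csrf_ok, variables_sent) for one simulated form submission."""
    body = build_answer_form(n_answers, languages, token)
    post, sent = php_style_parse(body, max_input_vars)
    return csrf_check(post, token), sent


if __name__ == "__main__":
    langs = [f"l{n:02d}" for n in range(20)]  # constructed: 20 survey languages
    for limit in (PHP_DEFAULT_MAX_INPUT_VARS, 5000):
        ok, sent = submit(54, langs, limit)
        print(f"max_input_vars={limit}: sent={sent} csrf_ok={ok}")
```

On a real server the same condition leaves an "Input variables exceeded" warning in the PHP error log, which distinguishes this failure from a genuine token mismatch.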
