CSRF attack suspected

4 years 2 months ago #104927 by cmerasys
cmerasys created the topic: CSRF attack suspected

We've been using LimeSurvey for a while and now have an issue.
It's not possible to edit some answers of a question.

It always displays:

Security alert: Someone may be trying to use your LimeSurvey session (CSRF attack suspected). If you just clicked on a malicious link, please report this to your system administrator. Also the problem can occur when your are working/editing in LimeSurvey in several browsers/tabs at the same time.

Facts are:
1) Our LimeSurvey installation is accessed by https, so I would say it's unlikely to have a real CSRF attack
2) Two users with different accounts work simultaneously on a survey.
3) But even if they log out and I as a third person try to edit the respective question, I'll get this error
4) The answers are numbers (ages) - 54 different ones. The last one is, depending on the language, something with more text or e.g. "71+"

We're running Version 1.91+ Build 120302.
It would be great if one of you could help.

Thanks in advance!

Best regards,


4 years 2 months ago #105027 by cmerasys
cmerasys replied the topic: CSRF attack suspected
Problem solved.

We decided to make an update and thought this would fix the problem.
We updated to Version 2.05+ Build 140212.

The problem still occurred.
We could then fix it by

1) Deleting cookies & caches on the browsers used
2) Setting the number of max_input_vars in the php.ini to a high value. This is necessary because if you have a lot of answers in a lot of languages, this max value might be reached, because all answers of each language will be loaded into one form - even though only one language is being displayed at a time.

#2 definitely fixed the problem.
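
A way to check a saved copy of an edit form against the `max_input_vars` limit described in the post above, as an added example that is not part of the original thread or LimeSurvey's code. The field names, the `csrf_token` field and its position at the end of the form are assumptions, and the sample form is constructed.

```python
from html.parser import HTMLParser

PHP_DEFAULT_MAX_INPUT_VARS = 1000  # PHP's shipped default for max_input_vars


class FormFieldCounter(HTMLParser):
    """Collect the names of form controls in document (submission) order."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            attrs = dict(attrs)
            # Controls without a name, or disabled ones, are never submitted.
            # Unchecked checkboxes/radios are still counted: an upper bound.
            if attrs.get("name") and "disabled" not in attrs:
                self.names.append(attrs["name"])


def check_form(html, max_input_vars=PHP_DEFAULT_MAX_INPUT_VARS):
    """Return (total_fields, dropped_names) for a form under the given limit."""
    parser = FormFieldCounter()
    parser.feed(html)
    # Model: PHP keeps the first max_input_vars variables and discards the rest.
    return len(parser.names), parser.names[max_input_vars:]


def build_sample_form(answers, languages):
    """Constructed sample: one code and one text field per answer per language."""
    rows = []
    for lang in languages:
        for i in range(answers):
            rows.append(f'<input name="code_{lang}_{i}" value="{i}">')
            rows.append(f'<textarea name="answer_{lang}_{i}"></textarea>')
    # Hypothetical token field, assumed to be the last control in the form.
    rows.append('<input type="hidden" name="csrf_token" value="constructed">')
    return "<form method='post'>" + "".join(rows) + "</form>"


if __name__ == "__main__":
    langs = [f"l{n}" for n in range(10)]  # constructed language codes
    total, dropped = check_form(build_sample_form(54, langs))
    print(f"{total} fields submitted, {len(dropped)} dropped by the limit")
    print("token dropped:", "csrf_token" in dropped)
```

With 54 answers in 10 constructed languages the form carries more fields than the default limit, so the trailing fields, including the assumed token, never reach the application.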
