
Author Topic: CSRF State Tokens  (Read 1977 times)

articus

  • Newbie
  • *
  • Posts: 4
CSRF State Tokens
« on: December 12, 2014, 12:50:18 am »
Ok, not being able to make heads or tails of this one really, so, humbly asking for a hand.

I'm using OSClass 3.5.2
and FB Connect 1.4.1

Install was easy as pie, adding the link likewise. The app is configured and live; however, I have some intermittent errors when trying to log in.
What happens is that a lot of times the user is not logged in at all; it just loops back to the site, and when I check the Apache log, the following is shown:

[Thu Dec 11 21:29:30 2014] [error] [client 85.24.250.139] CSRF state token does not match one provided., referer: http://domain.tld

Naturally, the domain name is different.
I've been over Google a couple of times, where states are mentioned; however, I lack the know-how to investigate this any further without a few helpful pointers.

Thank you in advance

teseo

  • Hero Member
  • *****
  • Posts: 6169
Re: CSRF State Tokens
« Reply #1 on: December 12, 2014, 01:03:25 am »
Hi,

What version of PHP are you running?

Regards

articus

  • Newbie
  • *
  • Posts: 4
Re: CSRF State Tokens
« Reply #2 on: December 12, 2014, 01:09:05 am »
PHP Version 5.5.19

teseo

  • Hero Member
  • *****
  • Posts: 6169
Re: CSRF State Tokens
« Reply #3 on: December 12, 2014, 01:12:44 am »

articus

  • Newbie
  • *
  • Posts: 4
Re: CSRF State Tokens
« Reply #4 on: December 12, 2014, 01:32:48 am »
Seems to be working now, thanks for the link. You rock!

I'll be keeping a close look on the log for a while to see if anything crops up.

articus

  • Newbie
  • *
  • Posts: 4

teseo

  • Hero Member
  • *****
  • Posts: 6169
Re: CSRF State Tokens
« Reply #6 on: December 12, 2014, 02:15:06 am »
Well, at least now we both know something new... :D Re-check the discussions about this issue on StackOverflow and other sites, it affects other software, so there must be some kind of tested solution out there... ???

Regards