Invalid CSRF token ???

[frosticek]

@andrenalin
I recommend to do this just for search forms (not login, item post, ...) because of similar problems...

[andrenalin]

ok... now put all csrf classes to standard.
same problem, can´t login or register.

i get this error just on frontend
i can login in backend without problems...

this is my token

Code: [Select]

<input type="hidden" name="CSRFName" value="CSRF1901093716_411717070">
<input type="hidden" name="CSRFToken" value="633d7f72ebf4298bcb8a525ad80f58ea9a3eb29439e3fe79ebdf90330464ddc64a8dd653912e540d411fe0a875f7e8d3199184bfc493969b1190fafbac964659">
how can i exactly turn this check off?
only add the class="nocsrf" is not working

thx

[frosticek]

@andrenalin
I had similar problem, it looks like csrf tokens kept mashed .... try to clear you cookies, cache etc and then again.
Not sure how to completely disable, but for me this is not good protection way. I.e. such protection should never be on search form.

[andrenalin]

now i disabled it in search forms,
csrf was three times on main page, search, search mobile and login form,
but it is only on post and i think it is not possible how often it is on one page.

where does the hsecutity.php get the values to check from?

my safari didn´t show me some session vars, i have only some cookie vars
attached a screenshot of my cookie vars.
is it possible to have session vars? i never watch at this.

i also add the session save path and it seems to work, it save a session in the folder,


i clear my cache and also deactivate it, clear the cookies but nothing happend 
just in the moment the whole work was for the trash 

****
while i was writing this text i play around a little,
just as i deactivatet the google connect plugin i could login to the front end 

****

now i activate it back and it seems to work,
i play a little with session save path in config.php and try to find out more about sessions...
i changed the path but nothing works, i put it back to

Code: [Select]

session_save_path ( ABS_PATH . 'oc-content/uploads/' );no problems...

[andrenalin]

no idea what exactly happened... this was just my play around...

ok, i try twice...

when i activate the google login button i get csrf token

now i deactivate it

Code: [Select]

<!--     <li><?php // gc_login_button(); ?></li>-->
there is no problem...

i send you pm to my site

[frosticek]

@andrenalin
There is no form used in whole plugin, so in this way it cannot bring any. But plugin works with session and cookies so it may keep some stored values. But as this is build in osclass function that is problematic to remove/avoid, I do not see any reason to deep inside plugin.

[andrenalin]

when i put my site from SUBFOLDER to SUBDOMAIN for test and dev
i try another time and give feedback...

thanks for checking

[frosticek]

@andrenalin
Plugin was update and now should not cause problems with CSRF tokens.
Please test and post your results here: http://forums.osclass.org/plugins-20/plugin-26119/

[mrtsoftware]

receiving INVALID CSRF token while trying to log in site, while submit contact form, and comment...

Also auto logging out problem for admin, it is quickly logging out out after 1 second of logging.

How to solve it?

I use Bender theme

[mrtsoftware]

I have contacted with HOST company after I am reading warning of  conejoninja under https://github.com/osclass/Osclass/issues/2190

MY HOST is corrected issue;
I asked how to correct this myself if it repreated.
Here answer ;
In your file manager -> Public_html/forum
There in the folder
Should be 2 files with the word "session" included
Or you could just search for them
I have changed the permissions on them
This issue shouldn't reoccur

------
If someone face same problem, please contact first with your host company, or try to check file manager -> Public_html/forum  as explained above.

[Aficionado]

What /forum folder are you talking about ?

And what session files are you also talking about ? Those are usually controlled by your hosting provider.

[mrtsoftware]

Hi
" forum" was very oudated installed PHPBB forum folder where I installed inside it.
I do not know what session, this is their answer.
I have removed this folder ( oudated script ), too. I no longer face " Invalid CSRF token " error.