Invalid CSRF token ???

[Aficionado]

I just found out that when my address has www before the domain, invalid CSRF token occurs. I added a code to my .htaccess to force a www on my domain.

NICE catch !!!!

I'm also on a subdomain for tests. Maybe the prefixes have something to do.

[Legion]

i am getting same error please help

1st i get Warning: Cannot modify header information - headers already sent by (output started at /home/offersva/public_html/oc-includes/osclass/utils.php:1588) in /home/offersva/public_html/oc-includes/osclass/utils.php on line 1590

then when i repload i see Invalid CSRF token.   

[tomshaft]

My 2 cents.
 
Exactly what is wrong and what are the developers doing about this CSRF issue. I no longer have any 3.1/3.11 live sites being I have given up trying to overcome the problems. Ether I can not upload images or get the CSRF . I've even got that when trying to login as admin on a clean fresh installation. Never did get to see the admin side of that site.
 
This is truly sad for such a great script.
 
Tom

[Aficionado]

Today i was deleting from the admin some listings and got twice the CSRF error.

[garciademarina]

Hi,

@tomshaft, can you tell me more information about your hosting provider? maybe we can try osclass and see what happends

@Aficionado, It's possible that your session has expired? , crsf token is generated only once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires.

[Aficionado]

Hi,

@Aficionado, It's possible that your session has expired? , crsf token is generated only once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires.

I don't think so, because i hit back and continued my work in the admin.

This is a real error that happen randomly. For example sometimes logging out of the admin makes that error.

Not a major problem ...

[michnfish]

I'm also having the "Invalid CSRF Token" issue. I'm a complete newbie. On my first install of OS Class 3.1 I am unable to access the admin page at all.  I'm using Chrome, but it also happens in IE.  Chrome is up to date for sure.  I have noticed some work-arounds by making changes to php files, but I'm not experienced at coding anything, so I'm not sure if I'm doing this correctly. Have others had success by making these changes?  Are there other suggestions that I missed or do I just wait for a new release to fix the issues.

[Hunt]

Hello. First of all, I would say that it is a super program. Very flexible. :-)
 But I have the same problem as many others here with CSRF token error in the Admin. I do not know if it's been fixed in 3.1.1 and I just can not find the fix? I installed 3.1.1 and it should be fixed in 3.1.1 as far as I've read me to. I have no plugins or anything - clean installation. installing 7-10 times now but token error remains. Generally it is as if it lags in admin. If I change something in Adminit is first at my next action that I can see that there has been an action. It is just as if its not updating on action before I e.g. press a new menu button in the admin?

Does anyone experiencing the same thing - or have a solution to it?

Hunt

[waywayway]

Hello,

I have tried it with OSCLASS installation on my own home server with EASYPHP(apache, mysql, php) which is similar to WAMP.

I get the "Invalid CSRF token." after installing it on a shared web hosting site, when I try to access the admin control panel for the first time.

I dig into the php code to find that the error comes from the function osc_csrf_check() in the oc-admin/login.php script, the switch function call to  case('login_post').

What is it that my home server can do that the webhost debian server cannot?

[michnfish]

So, I've installed this script almost a week ago and I still can't even access the admin page.  I still get the "Invalid CSRF token".  Can anyone at least attempt to help me trouble shoot this?  It looks like this problem is fairly uncommon otherwise it would probably get more attention.  Is there any chance that it's because I've installed this to a sub-domain? I'm using i-page for hosting, and using filezilla for ftp.  I'm begging someone to help me   I'm more than willing to give you my admin log in etc... whatever it takes.  I had someone install this script for me previously and it worked, but they weren't making the changes I was asking so, I decided to try to learn to do it myself (hindsight is saying that might be a mistake).  I'm a newbie to this, but certainly not a newbie to troubleshooting and working through processes that are similar... PLEASE HELP!!!!!

[Hunt]

There is no corresponding - I have the same problem - Simply how it is. Those who do not have the problem does not search for it and those who can help have much else to do I guess. So that's life. Maybe it fixes itself with 3.2??? Good luck. I give up.
If you should find out how to remove the token *** please post it here.

[michnfish]

Would it get more attention to try to start another thread or would just anger people???

[michnfish]

What if I donate... would that help- I'm reaching for anything here.  Or can someone just tell me approximately when the next update is coming out??? (patience apparently isn't one of my good qualities)

[michnfish]

I contacted Ipage (host) and they  "set session.save_path in php.ini and fixed the issue."

[egemen_i]

i ve the same issue but only at USER LOGIN
admin panel works fine
i have godaddy hosting

edit: the issue only appears to be present when there is www. infront of website name. weird