Author Topic: Invalid CSRF token ??? (Read 49904 times)

Anti-NWO · « **Reply #30 on:** March 02, 2013, 04:09:50 am »

I am also experiencing this error message. After installing and trying to login to the admin interface, I get the CSRF token error. Can't login to make any changes at all...

Anti-NWO · « **Reply #31 on:** March 03, 2013, 02:14:40 pm »

This finally got me in to my admin dashboard:

Add this in the config.php file (I just pasted it in line #2):

session_save_path ( ABS_PATH . 'oc-content/uploads/' );

Thanks Conejo. I found this in one of your posts from 2011 and it worked for me.

_CONEJO · « **Reply #32 on:** March 03, 2013, 02:28:03 pm »

Quote from: Anti-NWO on March 03, 2013, 02:14:40 pm

This finally got me in to my admin dashboard:

Add this in the config.php file (I just pasted it in line #2):

session_save_path ( ABS_PATH . 'oc-content/uploads/' );

Thanks Conejo. I found this in one of your posts from 2011 and it worked for me.

Thanks to you,

Now we'll add some extra check to know if you could use sessions or not. It's strange that it let you install it without session path being writable...

Thanks again

blackspade · « **Reply #33 on:** March 03, 2013, 06:51:51 pm »

@Anti-NWO

I did what you mentioned for config.php file. And its working, now i am able to login admin account and register new account too.

kcguy · « **Reply #34 on:** March 03, 2013, 07:01:20 pm »

I sure hope this CSRF Token ordeal will not be the death of osclass..... I mean is it possible to just do away with the token all together?

?

Was this not spotted during beta?

_CONEJO · « **Reply #35 on:** March 03, 2013, 07:17:02 pm »

Quote from: kcguy on March 03, 2013, 07:01:20 pm

I sure hope this CSRF Token ordeal will not be the death of osclass..... I mean is it possible to just do away with the token all together??

Was this not spotted during beta?

Hi kcguy

I think the amount of user's with this problem is very few, anyway, we're working on it.

No, it wasn't spotted on our tests. There're several reasons to get this same error :

* A bad theme (not closing a </form> tag, as it happened with real estate theme)
* Double form submit (we're not sure how this happens, or why, it has to do something with reCAPTCHA)
* Session folder not being writable

Last one is very strange, I mean, if Osclass was working fine BEFORE, you don't need to modify the session folder. I could only think, that now, we're writting a bit more data on the session, so maybe the server's folder is full (if you're on a shared server it's more probable).

Anyway, I'm sorry for all the trouble. The amount of different servers and configuration I have access is very limited, all I could tell is that in my own machine as well as on the test server it worked, none of the people who used the RC (release candidate) version spotted this (or they didn't tell us). Note: people who used the RC version DID report bugs and improvements, helping me a lot.

kcguy · « **Reply #36 on:** March 03, 2013, 07:45:48 pm »

_Conejo,

You are the man and I know you guys WILL get it all worked out in time.

I mean Like you said it is very wierd that this is happening to a select few of us.

Or perhaps the select few of us are the only ones who have upgraded.

I also think it is wierd how wide spread this problem is with the token. Hitting all different aspects of the functions. It almost tells me the token does not seem to be compatible with the system. ( I dont know ) What i mean by that is that reading this, the token problem is all over the place so it is hard to narrow it down to really one area of whats causing it. I know that will make it harder to offer the right solution for everyone.

Was this token implemented with this new update or has it always been there. If it was not there then why was it put there. Are we trying to reinvent the wheel here with each update or are we simply trying to make the current version more stable. It seems that the core of osclass is pretty solid and all users were requesting was pretty much new plug ins, not a new wheel per say

My frustration is with the mobile phone part. I mean no one takes pictures then puts them onto their computers and then posts them on a site. Everything is done via mobile phone these days. as far as the captcha goes I am not sure if thats it, as I get the token problem with and without the captcha...

As far as my server goes I would think being as they offer your osclass software that is is compatible with their systems. That was one of the main things I looked for when shopping for the hosting company.

I am not trying to tell you guys how to operate or bash osclass as you guys have done an outstanding job with the system, I am just venting a bit..... I love the system and I am just wanting it to preform as it should and I am sure you guys feel the same way.

web2graphics · « **Reply #37 on:** March 04, 2013, 12:26:25 pm »

Quote from: _CONEJO on March 03, 2013, 07:17:02 pm

Quote from: kcguy on March 03, 2013, 07:01:20 pm
I sure hope this CSRF Token ordeal will not be the death of osclass..... I mean is it possible to just do away with the token all together??

Was this not spotted during beta?

Hi kcguy

I think the amount of user's with this problem is very few, anyway, we're working on it.

No, it wasn't spotted on our tests. There're several reasons to get this same error :

* A bad theme (not closing a </form> tag, as it happened with real estate theme)
* Double form submit (we're not sure how this happens, or why, it has to do something with reCAPTCHA)
* Session folder not being writable

Last one is very strange, I mean, if Osclass was working fine BEFORE, you don't need to modify the session folder. I could only think, that now, we're writting a bit more data on the session, so maybe the server's folder is full (if you're on a shared server it's more probable).

Anyway, I'm sorry for all the trouble. The amount of different servers and configuration I have access is very limited, all I could tell is that in my own machine as well as on the test server it worked, none of the people who used the RC (release candidate) version spotted this (or they didn't tell us). Note: people who used the RC version DID report bugs and improvements, helping me a lot.

I also have the same problem! right from the fresh install of osc v3.1! any invalid username/pass raises that error!

_CONEJO · « **Reply #38 on:** March 04, 2013, 12:29:12 pm »

Please,

Add this on line # of config.php

Code: [Select]

session_save_path ( ABS_PATH . 'oc-content/uploads/' );
And tell us if that worked

kcguy · « **Reply #39 on:** March 04, 2013, 04:27:56 pm »

Quote from: _CONEJO on March 04, 2013, 12:29:12 pm

Please,

Add this on line # of config.php

Code: [Select]
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
And tell us if that worked

Who is this directed to Conejo and what line # does it need placed at>:

kcguy · « **Reply #40 on:** March 04, 2013, 04:49:47 pm »

Ok tested it 3 time on the mobile phone samsung galaxy s3.

1st test worked with no problems

2nd test token issue again but this time for some reason it allowed the post to go through anyway.

3rd test token issue again but this time for some reason it allowed the post to go through

I am adding images with the catpcha on\

Hope it helps and I dont think the code was a real solution...

admymotor · « **Reply #41 on:** March 04, 2013, 10:27:37 pm »

I was getting it when posting an ad, but the ad would actually appear on the site, just tried logging onto my site as a user, and it came up then. Tried adding the above to line 2 of config, still the same.

Im using my ipad, latest osclass version, just reinstalled fresh, and im using capthca.

_CONEJO · « **Reply #42 on:** March 05, 2013, 03:28:18 pm »

*** IMPORTANT NOTE ***
Make a backup first!

If you were having problems with CSRF token when posting a listing, please, replace your files with the one in the zip located here http://www.conejo.me/files/Osclass-hotfixes-9529a85e3e.zip

Make a backup first!
You only need to replace the files and fix permissions of files and folders (root and oc-content should be writable), no update process, no database changes, no re-installation.

Remember to make a backup of your files first. I think I finally found the problem and the solution for the CSRF token problem. I want to test it out (I already tested it on android emulator, my Samsung Galaxy S2, JR's iphone ¿4?, I haven't more devices at hand). It would be great if you want to test it and share your problems.

If you get the token problem ALWAYS, specially trying to access your admin panel
Please, paste this code on the second line of your config.php

Code: [Select]

session_save_path ( ABS_PATH . 'oc-content/uploads/' );

If you still have problems, tell me. I want to fix them, please provide as much information as you could.

Once we know this is the fix, we'll release a new version (3.1.1) of Osclass, via the automatic update, you will be able to update as usual.

If you have problems with update process or images not being able to upload, this is not the topic for you, but contact me and tell me as much as you can about it, I will try to fix them as soon as possible.

kcguy · « **Reply #43 on:** March 05, 2013, 06:44:20 pm »

Backing up files now and will post results when I test it out. Fingers crossed!!!!

kcguy · « **Reply #44 on:** March 06, 2013, 01:24:01 am »

Quote from: _CONEJO on March 05, 2013, 03:28:18 pm

*** IMPORTANT NOTE ***
Make a backup first!

If you were having problems with CSRF token when posting a listing, please, replace your files with the one in the zip located here http://www.conejo.me/files/Osclass-hotfixes-9529a85e3e.zip

Make a backup first!
You only need to replace the files and fix permissions of files and folders (root and oc-content should be writable), no update process, no database changes, no re-installation.

Remember to make a backup of your files first. I think I finally found the problem and the solution for the CSRF token problem. I want to test it out (I already tested it on android emulator, my Samsung Galaxy S2, JR's iphone ¿4?, I haven't more devices at hand). It would be great if you want to test it and share your problems.

If you get the token problem ALWAYS, specially trying to access your admin panel
Please, paste this code on the second line of your config.php

Code: [Select]
session_save_path ( ABS_PATH . 'oc-content/uploads/' );

If you still have problems, tell me. I want to fix them, please provide as much information as you could.

Once we know this is the fix, we'll release a new version (3.1.1) of Osclass, via the automatic update, you will be able to update as usual.

If you have problems with update process or images not being able to upload, this is not the topic for you, but contact me and tell me as much as you can about it, I will try to fix them as soon as possible.

Not working on samsung galaxy 3 ( sprint service )
tested 2 times and both times failed with the token.

I have captcha on.

I retried refreshing the catpcha on the 2nd test still failed...

I you would like I can give you access to my account and hosting....

Osclass forums

News:

Author Topic: Invalid CSRF token ??? (Read 49904 times)

Anti-NWO

Re: Invalid CSRF token ???

Anti-NWO

TEMP Solution

_CONEJO

Re: TEMP Solution

blackspade

Re: Invalid CSRF token ???

kcguy

Re: Invalid CSRF token ???

_CONEJO

Re: Invalid CSRF token ???

kcguy

Re: Invalid CSRF token ???

web2graphics

Re: Invalid CSRF token ???

_CONEJO

Re: Invalid CSRF token ???

kcguy

Re: Invalid CSRF token ???

kcguy

Re: Invalid CSRF token ???

admymotor

Re: Invalid CSRF token ???

_CONEJO

Re: Invalid CSRF token ???

kcguy

Re: Invalid CSRF token ???

kcguy

Re: Invalid CSRF token ???