Hi all,
I have been using my limesurvey in an iFrame for years. Recently it started showing (Bad Request - CSRF token..) error. 
I went through some feedbacks in the forum and i did set 'enableCsrfValidation'=>false in my config file. Now it's showing another problem which is session expired. 

I will be grateful if someone please can help ?

Thank you so much !

www.limesurvey.org/manual/Optional_setti....28New_in_3.24.3_.29

Browser update security system.

Thank you so much for your feedback.

Unfortunately the iFrame is on another website which i don't have access to his code.

rasheed wrote:

Thank you so much for your feedback.

Unfortunately the iFrame is on another website which i don't have access to his code.
 

No : you need to update your limesurvey config.php file, not the other website.

If you don't have access to your limesurey config.php : you must ask to your hoster

Great news, thank you.
I modified the config file as you can see below. The survey link still works fine but when displayed in the iFrame i get the following error: 

Internal Server Error
Property "CHttpCookie.samesite" is not defined.
An internal error occurred while the Web server was processing your request. Please contact the webmaster to report this problem.

Here is my current config file:

return array(
    'components' => array(
        'db' => array(
            'connectionString' => 'mysql:host=localhost;port=3306;dbname=xxxx_go;',
            'emulatePrepare' => true,
            'username' => 'xxxxxxx',
            'password' => 'xxxxxx',
            'charset' => 'utf8',
            'tablePrefix' => 'lime_',
        
        
        ),
        
         'session' => array (
            'sessionName'=>'LS-VBXZZORFJZCAKGYI',
            // Uncomment the following lines if you need table-based sessions.
            // Note: Table-based sessions are currently not supported on MSSQL server.
            // 'class' => 'application.core.web.DbHttpSession',
            // 'connectionID' => 'db',
            // 'sessionTableName' => '{{sessions}}',
            'cookieParams' => array(
                'secure' => true,
                'httponly' => true,
                'samesite' => 'None',
            ),
         ),
         
        'request' => array(
            'enableCsrfValidation'=>true,
            'csrfCookie' => array(
                'samesite' => 'None',
                'secure' => true,
            ),
        ),
        
        // Uncomment the following line if you need table-based sessions
        // 'session' => array (
            // 'class' => 'system.web.CDbHttpSession',
            // 'connectionID' => 'db',
            // 'sessionTableName' => '{{sessions}}',
        // ),
    
        
        'urlManager' => array(
            'urlFormat' => 'get',
            'rules' => require('routes.php'),
            'showScriptName' => true,
        ),
    
    ),
    // Use the following config variable to set modified optional settings copied from config-defaults.php
    'config'=>array(
    // debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this
    // then please check your error-logs - either in your hosting provider admin panel or in some /logs directory
    // on your webspace.
    // LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates
        'debug'=>0,
        'debugsql'=>0 // Set this to 1 to enanble sql logging, only active when debug = 2
    )
    

);

What is your LimeSurvey version ?
bugs.limesurvey.org/view.php?id=16769
github.com/LimeSurvey/LimeSurvey/commit/...e910598d942615b1dd0f
github.com/LimeSurvey/LimeSurvey/commit/...9661a5bb5aaf1678069d

Oups … updated manual

sameSite