Back to limesurvey.org

Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

The CSRF token could not be verified.

  • joost1982
  • joost1982's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
10 years 1 month ago - 10 years 1 month ago #115605 by joost1982
The CSRF token could not be verified. was created by joost1982
Hi there,

I've created a closed survey with tokens and invited some people. I can see responses coming in, but one user emailed me that he cannot login. The error he got:

-- begin error --
Bad request.
The CSRF token could not be verified.

The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications.
If you think this is a server error, please contact the webmaster.
-- end error --

Can someone explain to me what is going on here?
Last edit: 10 years 1 month ago by joost1982. Reason: -
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team & Official Partner
  • LimeSurvey Community Team & Official Partner
More
10 years 1 month ago #115614 by DenisChenu
Replied by DenisChenu on topic The CSRF token could not be verified.
Hi,

For security, we enable Cross-site Request Forgery Prevention from Yii .

There are a crsf token in the $_SESSION and same crsf token in the HTML page (in a hidden input).

It work, but can break in some condition : user deactivate all cookies , even $_SESSION cookies : see bug : bugs.limesurvey.org/view.php?id=9093
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
Moderators: tpartnerholch

Lime-years ahead

Online-surveys for every purse and purpose

Pricing & Plans
Get started

Legal

About Us

Open Source