The CSRF token could not be verified.

10 years 8 months ago - 10 years 8 months ago #115605 by joost1982
Hi there,

I've created a closed survey with tokens and invited some people. I can see responses coming in, but one user emailed me that he cannot log in. The error he got:

-- begin error --
Bad request.
The CSRF token could not be verified.

The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications.
If you think this is a server error, please contact the webmaster.
-- end error --

Can someone explain to me what is going on here?
Last edit: 10 years 8 months ago by joost1982. Reason: -
The topic has been locked.
10 years 8 months ago #115614 by DenisChenu
Hi,

For security, we enable Cross-site Request Forgery Prevention from Yii.

There is a CSRF token in the $_SESSION and the same CSRF token in the HTML page (in a hidden input).

It works, but can break in some conditions: the user deactivates all cookies, even $_SESSION cookies; see bug: bugs.limesurvey.org/view.php?id=9093

Assistance on the LimeSurvey forum and LimeSurvey core development are in my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development.
I don't answer private messages.
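
A minimal model of the check described in the reply above, added here as an illustration and not LimeSurvey's or Yii's code: the server keeps a token in the session, prints the same token into a hidden input, and rejects a POST when the two differ. The in-memory session store, the function names and the `PHPSESSID` cookie name are assumptions made for this example.

```python
import hmac
import secrets

SESSIONS = {}  # assumed server-side session store: session id -> session data

def open_session(cookies):
    """Return (sid, data); start a fresh session when no valid cookie is sent."""
    sid = cookies.get("PHPSESSID")
    if sid not in SESSIONS:
        sid = secrets.token_hex(16)
        SESSIONS[sid] = {}
    return sid, SESSIONS[sid]

def get_form(cookies):
    """GET: store a token in the session and emit the same token as a hidden input."""
    sid, session = open_session(cookies)
    token = session.setdefault("csrf_token", secrets.token_hex(32))
    return {"set_cookie": {"PHPSESSID": sid}, "hidden_input": token}

def post_form(cookies, posted_token):
    """POST: accept only when the posted token equals the one in the session."""
    _, session = open_session(cookies)
    expected = session.get("csrf_token")
    if expected is None or not hmac.compare_digest(expected, posted_token):
        return 400, "The CSRF token could not be verified."
    return 200, "OK"

def submit(cookies_enabled):
    """One GET followed by one POST from the same browser."""
    jar = {}
    page = get_form(jar)
    if cookies_enabled:
        jar.update(page["set_cookie"])  # browser keeps the session cookie
    # With cookies disabled the POST arrives without a session id, so the
    # server opens an empty session that holds no token to compare against.
    return post_form(jar, page["hidden_input"])

def forged_submit():
    """Cross-site POST: the cookie is sent, but the sender never saw the hidden input."""
    jar = {}
    jar.update(get_form(jar)["set_cookie"])
    return post_form(jar, secrets.token_hex(32))

if __name__ == "__main__":
    print("cookies on: ", submit(True))
    print("cookies off:", submit(False))
    print("forged post:", forged_submit())
```

The cookies-off case returns the same 400 response as the forged request, which is why a participant with all cookies blocked sees the error quoted in the question.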