Please help us help you and fill where relevant:
LimeSurvey version: 6.15.6
Own server or LimeSurvey Cloud: own server
Survey theme/template: Bootswatch
==================

My surveys had been working fine and I was just demonstrating them on Saturday. I didn't make any changes and then all of a sudden users are receiving a 403 invalid access code message. The survey results are being recorded, I'm just seeing the invalid access code message on what would be the completion screen. I see a 403 forbidden response on the POST (ex, https://limesurveyinstance/671461). I didn't make any changes and then all of a sudden this started to happen. These surveys are all running in closed access mode. I really appreciate any help you can provide!   

 

Hi,

Same here. It seems linked to the 6.15.6 update.

First a request is ok (200):
[21/Aug/2025:12:10:20 +0200] "POST /index.php/415676 HTTP/1.1" 200 6031 " www.MYDOMAIN.ch/index.php/415676 " "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.0.0"
(I suppose this is where the survey is saved)

And immediately after, same but 403:
[21/Aug/2025:12:10:22 +0200] "POST /index.php/415676 HTTP/1.1" 403 5706 " www.MYDOMAIN.ch/index.php/415676 " "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.0.0"

(Nothing inbetween)

same here. without token (open access) worked. With open and a member list or closed and member list we get 403, but the answer is saved.

Here two Stacktraces:

CException
Eigenschaft "SurveyDynamic.token ist nicht definiert.

/var/www/umfragen/vendor/yiisoft/yii/framework/db/ar/CActiveRecord.php(162)

150      * This method is overridden so that AR attributes can be accessed like properties.
151      * @param string $name property name
152      * @param mixed $value property value
153      * @throws CException
154      */
155     public function __set($name,$value)
156     {
157         if($this->setAttribute($name,$value)===false)
158         {
159             if(isset($this->getMetaData()->relations[$name]))
160                 $this->_related[$name]=$value;
161             else
162                 parent::__set($name,$value);
163         }
164     }
165 
166     /**
167      * Checks if a property value is null.
168      * This method overrides the parent implementation by checking
169      * if the named attribute is null or not.
170      * @param string $name the property name or the event name
171      * @return boolean whether the property value is null
172      */
173     public function __isset($name)
174     {
Stack Trace
#0    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/db/ar/CActiveRecord.php(162): CComponent->__set()
#1    
+  /var/www/umfragen/application/helpers/SurveyRuntimeHelper.php(223): CActiveRecord->__set()
#2    
+  /var/www/umfragen/application/controllers/survey/SurveyIndex.php(668): SurveyRuntimeHelper->run()
#3    
+  /var/www/umfragen/application/controllers/survey/SurveyIndex.php(22): SurveyIndex->action()
#4    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/actions/CAction.php(76): SurveyIndex->run()
#5    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CController.php(308): CAction->runWithParams()
#6    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CController.php(286): CController->runAction()
#7    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CController.php(265): CController->runActionWithFilters()
#8    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CWebApplication.php(282): CController->run()
#9    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CWebApplication.php(141): CWebApplication->runController()
#10    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/base/CApplication.php(185): CWebApplication->processRequest()
#11    
+  /var/www/umfragen/index.php(161): CApplication->run()


CHttpException
Ungültiger Zugangscode

/var/www/umfragen/application/helpers/frontend_helper.php(392)

380     $clienttoken = $_SESSION ?? '';
381 
382     if (($clienttoken === '') && ($thissurvey !== SurveyAccessModeService::$ACCESS_TYPE_CLOSED)) {
383         return; //optional
384     }
385 
386     // Shift the date due to global timeadjust setting
387     $today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", Yii::app()->getConfig("timeadjust"));
388 
389     // check how many uses the token has left
390     $token = Token::model($surveyid)->findByAttributes(array('token' => $clienttoken));
391     if (!$token) {
392         throw new CHttpException(403, gT("Invalid access code"));
393     }
394     $token->scenario = 'FinalSubmit'; // Do not XSS filter token data
395 
396     if ($quotaexit == true) {
397         $token->completed = 'Q';
398         $token->usesleft--;
399     } else {
400         if ($token->usesleft <= 1) {
401             // Finish the token
402             if (isTokenCompletedDatestamped($thissurvey)) {
403                 $token->completed = $today;
404             } else {
Stack Trace
#0    
–  /var/www/umfragen/application/helpers/SurveyRuntimeHelper.php(1326): submittokens()
1321                 $this->aSurveyInfo = $this->processString($this->aSurveyInfo, 3, 1);
1322             }
1323 
1324             //Update the token if needed and send a confirmation email
1325             if ($surveyActive && $oSurvey->getHasTokensTable()) {
1326                 submittokens();
1327             }
1328             //Send notifications
1329             if ($surveyActive) {
1330                 sendSubmitNotifications($this->iSurveyid);
1331             }
#1    
–  /var/www/umfragen/application/helpers/SurveyRuntimeHelper.php(263): SurveyRuntimeHelper->moveSubmitIfNeeded()
258             // TODO: move somewhere else
259             $this->setNotAnsweredAndNotValidated();
260         } else {
261             $this->setPreview();
262         }
263         $this->moveSubmitIfNeeded();
264         $this->setGroup();
265         $this->fixMaxStep();
266 
267         //******************************************************************************************************
268         //PRESENT SURVEY
#2    
–  /var/www/umfragen/application/controllers/survey/SurveyIndex.php(668): SurveyRuntimeHelper->run()
663         unset($redata);
664         $redata = compact(array_keys(get_defined_vars()));
665         Yii::import('application.helpers.SurveyRuntimeHelper');
666         $tmp = new SurveyRuntimeHelper();
667         // try {
668             $tmp->run($surveyid, $redata);
669         // } catch (WrongTemplateVersionException $ex) {
670         //     echo $ex->getMessage();
671         // }
672     }
673 
#3    
+  /var/www/umfragen/application/controllers/survey/SurveyIndex.php(22): SurveyIndex->action()
#4    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/actions/CAction.php(76): SurveyIndex->run()
#5    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CController.php(308): CAction->runWithParams()
#6    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CController.php(286): CController->runAction()
#7    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CController.php(265): CController->runActionWithFilters()
#8    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CWebApplication.php(282): CController->run()
#9    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/web/CWebApplication.php(141): CWebApplication->runController()
#10    
+  /var/www/umfragen/vendor/yiisoft/yii/framework/base/CApplication.php(185): CWebApplication->processRequest()
#11    
+  /var/www/umfragen/index.php(161): CApplication->run()

If I got it right, version 6.15.7 fixes the problem, but it still is not available in comfortUpdate.

Thanks for this information. How long does it takes to this this version with comfort-update?

Usually the versions come out once a week (if I recall right Tuesday or something). However, generally, if there is a show stopper bug like this, I would expect this new version to be pushed out asap.

Does anyone have a link to a bug report for this?

I found this here and the poster says he/she is running 6.15.7, so it doesn't seem to be fixed with 6.15.7:

bugs.limesurvey.org/view.php?id=20235

Where did you hear that 6.15.7 fixes this?

I didn't find any other bug report regarding this.

I would suggest to add your observations to this bug report, or if you feel like your case is different open another bug report.

Developers rarely show up here in the forum, therefore bug reports are extremely important.

From what I have seen, so far no one from the developer team has had a look at this. I think the more people contribute, the more exposure / importance this gets. However, August in Germany is often slow and a good portion of the team might actually be on vacation...

Also, if you are paying clients of the Limesurvey GmbH (hosted SaaS version), you can create a support ticket, which might get attention even quicker than a bug report.

Not sure if this would be considered an issue with Comfort Update. If so, as a paying customer of Comfort Update you might also create a support ticket. But this of course is up for interpretation, if this is a Comfort Update issue or not.

Seen this here:
installatron.com/updatefeed/limesurvey_6_15_7

And here:
www.softaculous.com/news/scripts/updated...to-6-15-7-36847.html

How could one runs 6.15.7 if it is not released ? ;*)

Bug 20222 seems to say the 6.15.7 fixes the problem too:
bugs.limesurvey.org/view.php?id=20222