Cannot login due to Invalid token! (CSRF check failed) #630
Comments
Can you try running a really simple script like this - and see what happens when you refresh the page.
<?php
session_start();
// First visit: nothing stored yet, so put a value in the session.
if(false == isset($_SESSION['test'])) {
    var_dump("init ... refresh please");
    $_SESSION['test'] = uniqid();
}
// On refresh the same stored value should be shown again.
var_dump('Session contains', $_SESSION);
Hi David, I placed the script in public and ran it. The first time I see the 'refresh please' message, on refresh I only see Test string is always the same. Marcel
Unexpected! Before when we've seen similar bug reports, it's just been your session support is/was broken, and the $_SESSION variable not matching up with what's rendered in a form. Is it possible the page(s) are being cached (when they shouldn't be?)
I have nginx running, and explicitly disabled caching for postfixadmin (is a separate site). No chance to log in, message still appears.
Adding
to config.inc.php fixed the issue for me. Logfiles showed that is the problem. Maybe your config.inc.php is not up to date?
Hi Scobiform, Thanks for the suggestion. I added to config.local.php and config.inc.php, but that unfortunately is not the solution. When I comment out the So it is an issue in lining up the PFA_token and safepost('token') somehow.
Hm, that's interesting. For that to be the problem it would imply that somehow you have a 404 handler that is (for example) loading the index.php page. If cookies/php sessions are working correctly, having something that's executing PHP twice in what should be one request, would explain things.
Hi David, scobiform, Turns out my nginx config was affecting this problem. Somehow my server config was combined for 80 and 443. Thanks to the quick help to resolve this issue. With regards
Investigated both folder permissions and nginx config. Turns out to be an issue in my server config.
@marcelsolvarea thanks for closing the bug and giving an explanation of what the problem is/was. I'm not sure why a "server config ... combined for 80 and 443" would cause the problem, but I have little experience with nginx!
I have migrated Postfixadmin to latest version.
When running setup.php all seems to be okay, database update is performed and no outstanding issues left.
Opening login.php is successful, but when logging in Invalid token! (CSRF check failed) shows up.
I checked php session working, and all is fine (tested it with scripting).
When debugging, I discover $_POST['token'] is set, but $_SESSION['PFA_token'] differs.
PHP session is saved, and equals $_POST['PFA_token'].
$_SESSION['token'] differs from php session and $_POST['PFA_token']
How can this issue be resolved?
Thanks for the reply in advance
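
The hypothesis raised in the comments (something executing PHP twice in what should be one request), modelled as an added example that is not PostfixAdmin's code and not from any participant in this thread. The `App` class, its `fallback_to_login` switch and the `/favicon.ico` request are assumptions chosen for illustration; only the `PFA_token` and `token` names and the error string come from the issue.

```python
"""Model: a per-render CSRF token is overwritten when a second request in
the same session renders the login form again before the POST arrives."""
import secrets


class App:
    """Toy login app: GET renders the form and stores a fresh token in the
    session; POST compares the submitted token with the stored one."""

    def __init__(self, fallback_to_login):
        # Assumption: True models a server that answers unknown paths by
        # running the login page instead of returning 404.
        self.fallback_to_login = fallback_to_login
        self.sessions = {}  # session id -> session data

    def handle(self, method, path, sid, form=None):
        session = self.sessions.setdefault(sid, {})
        if path != "/login.php":
            if not self.fallback_to_login:
                return 404, None
            method, form = "GET", None  # the fallback re-renders the form
        if method == "GET":
            session["PFA_token"] = secrets.token_hex(16)
            return 200, session["PFA_token"]  # token embedded in the form
        submitted = (form or {}).get("token", "")
        stored = session.get("PFA_token", "")
        if stored and secrets.compare_digest(submitted, stored):
            return 200, "logged in"
        return 403, "Invalid token! (CSRF check failed)"


def browser_login(app, sid="constructed-session-id"):
    """Replay a browser: load the form, fetch an asset, submit the form."""
    _, token_in_form = app.handle("GET", "/login.php", sid)
    asset_status, _ = app.handle("GET", "/favicon.ico", sid)  # missing file
    post_status, body = app.handle(
        "POST", "/login.php", sid, {"token": token_in_form}
    )
    return asset_status, post_status, body


if __name__ == "__main__":
    for fallback in (True, False):
        print("fallback_to_login =", fallback, "->", browser_login(App(fallback)))
```

A 200 response for a path that should not exist, logged between the GET and the POST of the login form, is the symptom this model reproduces.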