jkmorganpets Posted December 29, 2015 Share Posted December 29, 2015 Periodically when I go to save a change, or save and reload, instead of saving then taking me back to the products page or the product I am working on, I get sent to the dashboard without any of my changes being saved. It has always done this, more of a nuisance than anything, but now I have to add a lot of prices in the attributes, and doing a whole pile just to have them not saved it getting to me.Anyone else experience this glitch on 5.2.16? Jillcc5.2.16 Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 29, 2015 Share Posted December 29, 2015 This is a very unfortunate consequence of having implemented a measure of security. I have no explanation for the true reason why this measure of security is in place, but I can see its intent.The intent I am assuming is to prevent the willy-nilly submission of form data, hoping to get bad data injected into the system by a rogue player. Having a cookie that controls the "admin's activity session" is one thing, but having a unique token that is checked against every form submission -- and is unique for every time Cubecart sends to you a form to fill out, is very clear in the effort to block against unexpected form submissions.In CC3/4, not having this unique token get in the way meant I could open 40 tabs in my browser, make a minor adjustment as needed to each, then save each form -- all in rapid fire.Not so with CC5/6. CubeCart remembers the last security token created with the most recent form sent out. Submitting a prior form means the latest security token is now expired and any more form submissions will not have a good security token. When Cubecart determines the security token is not what is expected, the form data submitted is trashed and the Dashboard is sent to the browser.We can try to render impotent the security token. Quote Link to comment Share on other sites More sharing options...
bsandall Posted December 29, 2015 Share Posted December 29, 2015 (edited) This type of security measure, known as the Synchronizer Token Pattern, is typically implemented to prevent Cross-Site Request Forgery attacks, which, while rare and usually difficult to pull off, can be very devastating when successful.EDIT: Note that you can avoid getting sent to the dashboard by working with the admin panel open in only one tab at a time, which is unfortunate because having multiple tabs open to different parts of the admin panel often makes a task easier to complete. Edited December 29, 2015 by bsandall Quote Link to comment Share on other sites More sharing options...
jkmorganpets Posted December 29, 2015 Author Share Posted December 29, 2015 I do usually have more than one tab open. Guess I'll just have to keep it to one tab at a time. Ah, such is life. A minor inconvenience. Jill Quote Link to comment Share on other sites More sharing options...
bsandall Posted December 29, 2015 Share Posted December 29, 2015 To clarify (though I may just be reading your response incorrectly), you can have multiple tabs open so long as only one of them is the admin panel. I usually have both the storefront and the admin open in the same window, along with a dozen or more other tabs. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 29, 2015 Share Posted December 29, 2015 To clarify, you can request, and have that data displayed, in as many pages from admin as you want.Only when you submit a form, is the current security token expired. Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted December 29, 2015 Share Posted December 29, 2015 So it's OK to open various tabs of Admin pages for reference, as long as all the others are just to look at, NOT edit/save? Quote Link to comment Share on other sites More sharing options...
bsandall Posted December 29, 2015 Share Posted December 29, 2015 (edited) So it's OK to open various tabs of Admin pages for reference, as long as all the others are just to look at, NOT edit/save?Yes, as long as the page containing the form you want to submit is the last one you opened. If you open any other admin tab page afterward, and you entered some data but didn't submit the form, all that data will be lost*.Thus, if you are planning to submit a form, I recommend you only have one tab open - it's easy to forget and open another tab by accident half-way through a form (I've done it lots... but maybe that's just me).* Unless you open yet another tab to the same page and copy/paste that data over and then submit that one, but if you tried to submit the first one, *poof* Edited December 29, 2015 by bsandall Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.