BexM Posted December 15, 2016 Share Posted December 15, 2016 I am get this message when trying to add product options.... and then takes me to dashboard... not allowing me to add further options? Is there a limit? Thanks in advance. Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used. Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted December 15, 2016 Share Posted December 15, 2016 Are you working on more than one page at the same time? That will make that happen. Just noticed this is your first post on the forum - welcome! Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 15, 2016 Share Posted December 15, 2016 Please let us know how many options you have created. This warning comes when the "security token" is wrong or missing. CubeCart embeds a security token within each form that collects data. Once that form is submitted, the security token is compared against what CubeCart is expecting it to be. It it matches, or if it is missing/wrong, depends what screen you see next (and whether the data submitted gets processed). Then a new security token is generated and sent out in the next form. So, if you have more than one page open in several browser windows/tabs, submit a form from one tab, the security token is regenerated, submit the next form in another tab, the security token no manger matches. Or, if the amount of data being submitted is very high, then PHP may be rejecting what got submitted past the 1000th data item. The security token is the very last item in the list of items being submitted. In CubeCart admin, PHP Info, scroll to the Core table. Look for the 'max_input_vars' row. The value will tell you the most number of data items PHP will accept. This value can be changed to a higher number, but could require the assistance of your hosting provider. If this value needs to be higher, we suggest 6000. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 15, 2016 Share Posted December 15, 2016 If you have a lot (actually not even really that high) of product options then there are several limits that can be reached (max_input_vars is one but if your hosting provider also uses the security module suhosin, then there are others as well). The limits with many hosting companies are often quite low, and some will refuse to change them (in which case you don't have too many options !) but even on our CubeCart hosting servers, which have massively increased limits, we have had a customer reach it and had to increase it further. What is really needed is the whole product options program to be recoded as the way it is written simply doesn't cope with what many shops consider a reasonable number of options. I have asked about this and it seems unlikely to happen although if enough people have problems with it and make it known, then it obviously becomes more important Ian Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted December 15, 2016 Share Posted December 15, 2016 Just repeating what the others have said.... https://support.cubecart.com/Knowledgebase/Article/View/215/40/my-store-redirects-to-the-admin-dashboard-when-i-click-save Quote Link to comment Share on other sites More sharing options...
bsandall Posted December 28, 2016 Share Posted December 28, 2016 On 12/15/2016 at 7:44 AM, Al Brookbanks said: Just repeating what the others have said.... https://support.cubecart.com/Knowledgebase/Article/View/215/40/my-store-redirects-to-the-admin-dashboard-when-i-click-save Al you may also want to mention on that page about having multiple tabs open - this is quite common these days and I doubt most users would intuitively think 'ah I see, the security token is generated when a page loads, so if I load a second page, even if it's in a different tab, then any previously opened pages will have invalid tokens and fail when they submit...' So, perhaps a friendly warning to work in only one tab at a time? Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 28, 2016 Share Posted December 28, 2016 Having multiple tabs open is a very common way of working and is something that isn't possible with CubeCart now and when doing it, it creates the same symptoms as having too many POST'd variables. The ideal solution would be rewriting the way CubeCart stores the security token but this is a big task BUT it would solve the multiple tabs and excessive number / size of POST'd variables Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 28, 2016 Share Posted December 28, 2016 Technically, one can open many admin pages in numerous tabs. And, one can submit a form from any one of those tabs. The rest of the screens must be understood to be available for reference and research. It is exactly when CubeCart processes the POSTed data is when CubeCart generates a new security token and sends it off in the page that replaces the POSTed page. Then, the forms in all the other open tabs now have an obsolete security token and CubeCart will not accept any POSTings from them. Doing away with the security token is not really a big task. It is there for a security reason. And, it would not solve the problem of POSTing too much data. The security token is at the end of the POST array, so if PHP or some other limit truncates the collection of key/value pairs, there goes the security token and we get an indication that something went wrong (but not what actually went wrong). It is trivial to have the security token at the beginning of the key/value collection, and CubeCart will process the data normally -- except now we have the situation where the collection gets truncated and we have no reliable indication that the data got truncated, other than eventually we would notice that the data POSTed (sometime in the past) went missing or did not update. The fix for limiting the amount of POSTed data is somewhat tricky to fix, but I have managed to do something to fix the AIOS module. Quote Link to comment Share on other sites More sharing options...
bsandall Posted December 28, 2016 Share Posted December 28, 2016 Yes, one can open many tabs, but as soon as you post from one, all the others are invalidated. I would argue that this is not intuitive for the vast majority of users, and even understanding it I still sometimes forget which tab(s) can be submitted; as a result, I try to remember to always refresh the page before I do any editing. I haven't given much thought to how we can improve the admin user experience, but I certainly believe it can be improved. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 29, 2016 Share Posted December 29, 2016 I wasn't suggesting that the security token be removed or the position moved - as you said, that doesn't solve any of the underlying issues at all. What is needed and what is a big task, is rewriting the way that large quantities of data such as product options are saved. Brian, you say you have a solution to the AIOS module which is another area where this happens, is that something you can share and can the same solution be applied to product options ? Ian Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 29, 2016 Share Posted December 29, 2016 See a new post. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.