Jump to content

Cannot login to the cube-cart admin panel Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used.


Guest

Recommended Posts

Hi, For some reason I cannot login to the admin panel. I am receiving the following error code.

Cannot login to the cube-cart admin panel Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used.

I have tried suggestions via a google search such as manually clearing the cache from the cache folder/ database etc 

I have tried different browsers, different computer. It was working fine however doesn't let me login at all now. Please see attached.

Can anyone help?
Thanks

csrf.png

Link to comment
Share on other sites

8 minutes ago, Al Brookbanks said:

Click the padlock icon or make sure the protocol in the browser window is https and not http and it will be fine. 

Thanks for the quick reply. I have tried with and without https and still no luck. Its very strange because it was working fine. I have cleared the Cubecart_sessions in the database. Cleared the cache folder in the root directory. However I have just noticed the admin folder had been renamed on the server however I can still access the admin url via the old folder name if that makes sense!

Link to comment
Share on other sites

 

2 minutes ago, Al Brookbanks said:

Did you upgrade manually or using the auto upgrade tool? There have been issues with the auto upgrade too so please upgrade manually. 

I haven't installed any updates this is a fresh install of cubecart. 

Thanks

Link to comment
Share on other sites

Downloaded directly from cube-carts website. I am wondering if somehow clearing the cache has messed something up. I did come across a post by yourself after a Google search suggesting to add the sessions folder and custom file to the root directory however still no luck. 

Is there any way to disable this so I can at least get into the admin panel for now?
 

Thanks

Link to comment
Share on other sites

I think I changed the cookie directory within SSL and then this error message came up. Is there any way to manually change the cookie directory via a php file?

Link to comment
Share on other sites

Thankyou I managed to get it working by reinstalling cubecart and then uploading my backup files to the server. Everything seems ok now.

However the error still persists not on the admin login but when a sandbox payment is made with Paypal and are redirected back to the site. I have to manually refresh the page for it to show the purchase details! 

Thanks

Link to comment
Share on other sites

  • 1 month later...

@dan168, you can install to localhost. There will be some specific statements added to /includes/global.inc.php (search the forums for localhost). I recommend not using localhost but rather the actual IP 127.0.0.1.

Then, if needed, you can create a "self-signed" security certificate and configure your localhost web server to use it. Do an internet search for how to create one of these.

Your browser will complain about the certificate being self-signed, but you can then tell your browser to make a permanent exception for this certificate at IP 127.0.0.1.

(Disclaimer: I am only up to CC615 at the moment, so I have not had the opportunity to experience any anomalies regarding weird CSRF issues with the latest versions.)

Link to comment
Share on other sites

Hi,

I read this thread with great intrest, since I've experienced the same problems.
Actually I got the CubeCart shop (6.1.8) and its backend running on localhost (PHP-Version: 7.0.21-1~ubuntu16.04.1+deb.sury.org+1, MySQL-Version: 5.7.19-0ubuntu0.16.04.1, Server-Software: Apache/2.4.27 (Ubuntu)) even with Chromium - thanks to bsmither's advice in 

But I cannot log me in on the production site online. Of course I changed the /includes/global.inc.php accordingly to meet the settings of my provider.

I cleared the browser cache, the database cache and the cache folder; tried different browsers.
Still I cannot log me in, it always says: "Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used."

As I am setting up the CubeCart shop for a customer - and he should be able to log himself in without hassle, obviously - this is an important problem.
Is there a known and viable route to escape this trouble?

Cheers: Martin

Edited by YdihwIP
Link to comment
Share on other sites

Just now, YdihwIP said:

Maybe I just do another clean install and import the database then.

Thats not a good idea and could be why you have this problem in the first place. Please only do a fresh install or upgrade an existing store. 

If you are importing the database from a CSV file via the admin control panel that should be fine. 

Link to comment
Share on other sites

Hi Al,
thank you for this information.
Maybe this is the pivotal point where I made my mistake.

I wanted to install CC locally first because my intention is to write an import plugin for categories and customer data.
So after having set up everything fine on my localhost I copied the files via FTP and then loaded the local mysql_dump via phpMyAdmin into the remote database.
Then I checked the global.inc.php and the .htaccess file.

As I can obviously reach the page I was almost startled that I could not log in - after all everything went fine locally.
I will give your advice a try - and post the result then.

Cheers: Martin

Link to comment
Share on other sites

Hi cubecarters ;-)

right, I resolved the thing by  a simple cut. I made a completely fresh installation on the production website.
Opened local and remote admin panel in two browser windows an copied the data manually.
Everything is fine, I can even login with Chrome without any troubles now.

So there must have been something I missed, ignored or ruined when I copied my local version via FTP.
Anyway, it's up and running. Thank you for your support and your hints.

Cheers: Martin 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...