E-Luminate (Posted December 8, 2017)

Hi,

I'm running Cubecart 6.1.13 and am getting a CSRF error immediately after logging in as a user. This started happening the other day and I hadn't altered any files.

The following errors were detected: Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used.

I have already cleared the cache and even did so manually. When I navigate to any page following the login, it shows as I am logged out. When I return to the homepage it reverts back to showing me as logged in.

In the debugging it shows the following error:

PHP:
[Warning] /home/**censored**/public_html/classes/sanitize.class.php:152 - Invalid Security Token
[Notice] /home/**censored**/public_html/includes/functions.inc.php:196 - Undefined variable: _GET
[Notice] /home/**censored**/public_html/includes/functions.inc.php:196 - Undefined variable: _GET
[Notice] /home/**censored**/public_html/classes/cubecart.class.php:184 - Undefined variable: contents
[Notice] /home/**censored**/public_html/classes/cubecart.class.php:184 - Undefined variable: contents
[Notice] /home/**censored**/public_html/classes/cubecart.class.php:86 - Undefined index: doc_name

Any help would be greatly appreciated!

Neil.

Al Brookbanks (Posted December 8, 2017)

It's either because you have more than one window open or the form submit exceeds the max amount of form fields allowed in the PHP config.

E-Luminate (Posted December 8, 2017)

Thanks for the reply! Definitely not a multiple open window issue. I assume changing the PHP config will be up to the hosting company? What should the max amount be in order to make this issue go away?

Neil.

bsmither (Posted December 8, 2017)

Certainly, if this all of a sudden started to happen, then we have a strong case to blame the hosting company. It could be the case that they installed and enabled an overly aggressive server-level cache utility. One where the login page has been cached and is served containing an obsolete security token.

Or, as I have heard about with one other instance, a recent browser update has acquired overly aggressive protocols using its (the browser's) internal cache. Instead of using the cache for a page's resources (images, css, and javascript files), the actual page is brought up from its cache as well.
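
The stale-token failure described in the post above, as an added PHP sketch that is not part of the thread and is not CubeCart's code. The array-based session and cache, the `token` field name and every function name are hypothetical; a token that is reissued on each page render is assumed, as is PHP 7 or later.

```php
<?php
// Added illustration, not CubeCart code. All names here are hypothetical.

// Store a fresh random token in the session (modelled as a plain array).
function issue_token(array &$session): string {
    return $session['token'] = bin2hex(random_bytes(16));
}

// Render a form page carrying the session's newly issued token.
function render_form(array &$session): string {
    return '<input type="hidden" name="token" value="' . issue_token($session) . '">';
}

// Read the token out of a page, as the browser does when it submits the form.
function extract_token(string $html): string {
    return preg_match('/name="token" value="([0-9a-f]+)"/', $html, $m) ? $m[1] : '';
}

// Constant-time comparison of the submitted token with the session's copy.
function token_is_valid(array $session, string $submitted): bool {
    return isset($session['token']) && hash_equals($session['token'], $submitted);
}

// no-store is the directive that forbids a cache from keeping the response.
function is_storable(array $headers): bool {
    return stripos($headers['Cache-Control'] ?? '', 'no-store') === false;
}

// Fetch a page through a cache (browser or server side, modelled as an array).
function fetch(string $url, array &$session, array &$cache, array $headers): string {
    if (isset($cache[$url])) {
        return $cache[$url];            // replayed copy, the app never runs
    }
    $html = render_form($session);
    if (is_storable($headers)) { $cache[$url] = $html; }
    return $html;
}

// Visit the page, let the token rotate (as at login), revisit and submit.
function submit_after_rotation(array $headers): bool {
    $session = []; $cache = [];
    fetch('/login', $session, $cache, $headers);    // first visit
    issue_token($session);                          // token rotates server-side
    $page = fetch('/login', $session, $cache, $headers);
    return token_is_valid($session, extract_token($page));
}

var_dump(submit_after_rotation([]));                               // page was cacheable
var_dump(submit_after_rotation(['Cache-Control' => 'no-store']));  // page never stored
```

The first call models the replayed page whose token no longer matches the session; the second shows the check passing once the token-bearing page is never stored.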

E-Luminate (Posted December 9, 2017)

Hi,

Thanks for the feedback. I have been working with the hosting company but it is taking a lot of time! If it helps, when I check the debugging at the bottom of the login page, I get...

[Notice] /home/**censored**/public_html/classes/session.class.php:667 - session_start() [function.session-start.php]: ps_files_cleanup_dir: opendir(/var/cpanel/php/sessions/ea-php56) failed: Permission denied (13)

E-Luminate (Posted December 9, 2017)

Right! You are right bsmither, it turned out to be a Firefox update on the 7th Dec. Thanks for your help!