User login shows CSRF error

Hi,

I'm running Cubecart 6.1.13 and am getting a CSRF error immediately after logging in as a user.

This started happening the other day and I hadn't altered any files.

The following errors were detected:

    Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used.

I have already cleared the cache and even did so manually. When I navigate to any page following the login, it shows me as logged out. When I return to the homepage it reverts back to showing me as logged in.

In the debugging it shows the following error:

PHP:
    [Warning] /home/**censored**/public_html/classes/sanitize.class.php:152 - Invalid Security Token
    [Notice] /home/**censored**/public_html/includes/functions.inc.php:196 - Undefined variable: _GET
    [Notice] /home/**censored**/public_html/includes/functions.inc.php:196 - Undefined variable: _GET
    [Notice] /home/**censored**/public_html/classes/cubecart.class.php:184 - Undefined variable: contents
    [Notice] /home/**censored**/public_html/classes/cubecart.class.php:184 - Undefined variable: contents
    [Notice] /home/**censored**/public_html/classes/cubecart.class.php:86 - Undefined index: doc_name

Any help would be greatly appreciated!

Neil.

It's either because you have more than one window open or the form submit exceeds the max amount of form fields allowed in the PHP config.

Thanks for the reply!

Definitely not a multiple open window issue.

I assume changing the PHP config will be up to the hosting company? What should the max amount be in order to make this issue go away?

Neil.

Certainly, if this all of a sudden started to happen, then we have a strong case to blame the hosting company.

It could be the case that they installed and enabled an overly aggressive server-level cache utility. One where the login page has been cached and is served containing an obsolete security token.

Or, as I have heard about with one other instance, a recent browser update has acquired overly aggressive protocols using its (the browser's) internal cache. Instead of using the cache for a page's resources (images, css, and javascript files), the actual page is brought up from its cache as well.

Hi,

Thanks for the feedback. I have been working with the hosting company but it is taking a lot of time!

If it helps, when I check the debugging at the bottom of the login page, I get...

[Notice] /home/**censored**/public_html/classes/session.class.php:667 - session_start() [function.session-start.php]: ps_files_cleanup_dir: opendir(/var/cpanel/php/sessions/ea-php56) failed: Permission denied (13)

 

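A diagnostic for the three causes raised in this thread (the PHP form field limit, a cached page carrying an old token, and session storage), as an added example that is not part of the original posts and is not CubeCart code. The filename `diag.php` and the report labels are assumptions; `max_input_vars` is the PHP directive that limits the number of form fields per request, and the code avoids PHP 7 syntax because the session path in the last post indicates PHP 5.6.

```php
<?php
// diag.php (hypothetical filename). Added example, not CubeCart code.
// Upload next to the store's index.php, load it twice in the same browser
// tab a few seconds apart, compare the two outputs, then delete the file.
header('Cache-Control: no-store');      // ask caches not to store this page
header('Content-Type: text/plain');

// session.save_path may be "N;/path" or "N;MODE;/path"; the directory is last.
$raw   = session_save_path();
$parts = explode(';', $raw);
$dir   = end($parts);
if ($dir === '') {
    $dir = sys_get_temp_dir();          // files handler falls back to the temp dir
}

session_start();
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;

$yesNo = function ($flag) { return $flag ? 'yes' : 'NO'; };
$report = array(
    'PHP version'              => PHP_VERSION,
    'session.save_path'        => $dir,
    // The session file must be written for a token to survive to the next request.
    'save path writable'       => $yesNo(is_writable($dir)),
    // Garbage collection lists the directory; if it cannot, PHP emits the
    // ps_files_cleanup_dir notice whenever session.gc_probability is above 0.
    'save path listable'       => $yesNo(is_readable($dir)),
    'session.gc_probability'   => ini_get('session.gc_probability'),
    // Requests with more fields than this are truncated (PHP default: 1000).
    'max_input_vars'           => ini_get('max_input_vars'),
    'session id (first 8)'     => substr(session_id(), 0, 8),
    'hits in this session'     => $_SESSION['hits'],
    'generated at (unix time)' => time(),
);
foreach ($report as $label => $value) {
    printf("%-26s %s\n", $label, $value);
}
// Reading the second load:
//  - hits still 1 or a different session id: the session is not persisting,
//    so any token stored in it is gone by the time the form is submitted.
//  - identical "generated at": the page was served from a cache, not by PHP.
```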
