Announcement

Collapse
No announcement yet.

Security token error

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • NumNum
    replied
    Resolved via 5.5.0 upgrade.

    Leave a comment:


  • Wayne Luke
    replied
    That looks correct. I suggest upgrading as a race condition could make the variable incorrect in specific rendering of the page.

    Leave a comment:


  • NumNum
    replied
    I get the following back;

    Code:
     localhost/renamed_db/routenew/        https://.hostname.com:2083/cpsess9242804887/3rdparty/phpMyAdmin/db_qbe.php?db=xxxxxx_db&token=54b8bcda6e5747a0e27e9df6751f8030
    
    
    
    
    
            Your browser has phpMyAdmin configuration for this domain. Would you like to import it for current session?        
            Yes
            / No
            / Delete settings
    
    
    
     Showing rows 0 -  0 (1 total, Query took 0.0010 seconds.)
    
     Switch to visual builder
    
    SELECT * FROM routenew WHERE name='contact-us';
    
    
    
    15    contact-us    NULL    contact-us    contact-us    vB5_Route_Page    page    index        a:1:{s:6:"pageid";s:1:"5";}    5    vbulletin    vbulletin-4ecbdacd6a6f13.66635713    NULL

    Leave a comment:


  • Wayne Luke
    replied
    There should not be a %251$s in any URL.

    What is the result of this query:

    Code:
    SELECT * FROM routenew WHERE name='contact-us';
    There have been some issues fixed with the privacy consent in versions after 5.4.5. You may be running into one of those issues.
    Last edited by Wayne Luke; Wed 24th Apr '19, 10:01am.

    Leave a comment:


  • NumNum
    replied
    Access logs;

    Code:
    xx.xxx.xxx.xx - - [20/Apr/2019:08:34:59 -0400] "GET /%251$s HTTP/2" 404 12565 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Mobile/15E148 Safari/604.1"
    
    xx.xxx.xxx.xx - - [20/Apr/2019:08:34:59 -0400] "GET /js/privacy-consent-banner.js?v=545 HTTP/2" 200 1153 "https://xxxx-xxxxxxx.org/%251$s" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Mobile/15E148 Safari/604.1"
    
    xx.xxx.xxx.xx - - [20/Apr/2019:08:34:59 -0400] "GET /css.php?styleid=1&td=ltr&sheet=css_b_modal_banner.css&ts=1555431637 HTTP/2" 200 407 "https://xxxx-xxxxxxx.org/%251$s" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like M

    Leave a comment:


  • NumNum
    replied
    Iíll check the error log but I suspect it is the embedded link in the message that goes here;

    https://xxxx-xxxxxxx.org/%251$s

    It should go to the contact us form, no?
    Last edited by NumNum; Sat 20th Apr '19, 1:20pm.

    Leave a comment:


  • Wayne Luke
    replied
    The 400 Bad Request error is an HTTP status code that means that the request you sent to the website server, often something simple like a request to load a web page, was somehow incorrect or corrupted and the server couldn't understand it.

    Your web server returned this what is the full error in its access logs and what is that URL that was incorrect?

    Leave a comment:


  • NumNum
    replied
    What would return a 400 error then?

    Leave a comment:


  • Wayne Luke
    replied
    It is a link to the Contact Us page specified under Settings -> Options -> Site Name / URL / Contact Us Details. Loading a new page loads a new Security Token. Security Tokens are never included in the actual URL. That would defeat the entire purpose of a Security Token.

    Leave a comment:


  • NumNum
    replied
    I know this is an older thread, but if you select the hyperlink in the message it brings me too a 400 page. Is this normal on a ssl site?

    I only get it on my cell phone (apple) as i sometimes don't close out the page (safari) properly.

    I suspect it is normal as the token times out and perhaps no longer recognizes the url?

    Leave a comment:


  • Wayne Luke
    replied
    Could it be also be something to do the the auto-save time setting?
    It is a standard security feature. Every page load has a security token embedded in it. This allows the server to verify that form input comes from your site and not some other random site that is trying to phish your users for information. These tokens have a limited lifespan and change per user. The auto-save may have triggered the error. Refreshing the page should resolve the error.

    Leave a comment:


  • CorbinH
    commented on 's reply
    Okay, thanks for the quick reply. We'll keep an eye on it and see what happens
    Could it be also be something to do the the auto-save time setting?

  • In Omnibus
    replied
    That's expected behavior. If you leave the forums on a specific page for more than I believe it's 15 minutes you will get that error because the cookie times out.

    Leave a comment:


  • CorbinH
    started a topic Security token error

    Security token error

    One of our members has just received this message.
    He states that it appeared after he was away from his computer for a few minutes.

    Click image for larger version

Name:	Sejacs-Error.jpg
Views:	84
Size:	95.8 KB
ID:	4398885

Related Topics

Collapse

Working...
X