Announcement

Collapse
No announcement yet.

Missing security token

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Missing security token

    1. vBulletin Version: recently updated from 5.5.4 patch 2 to 5.5.5
    2. PHP Version: 7.3.9-1~deb10u1
    3. MySQL Version: 10.3.17-MariaDB-0+deb10u1
    4. Any Addons installed: Redirect Topic Title to First New or Last Post by vBMods.rocks
    5. Does the issue occur in a default style? yes
    6. Does the issue occur using the English language provided? yes
    7. Error message on the screen: see below
    8. Browser and Browser version used. I checked in chrome, firefox and safari
    9. Did you clear the browser cache and did the error continue? yes



    This error occurs when trying to edit a reply on a blogpost. It is the first time we try to do that, so I can't say if it's a new problem or not
    I saw in older topics something about tabs open for to long, that couldn't be the problem here. I also tried the ctrl+f5, but that didn't help.

    Tags: None
  • #2
    The security token is embedded in the page when it is downloaded. It has a very specific lifespan and is deleted from the system at the end of that lifespan. Reloading the page should create a new session and security token to be used.

    If you have edited your templates, you will need to make sure the security token is added to all forms. Review the default templates for the code on this.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.

    Comment

    • #3
      Zeefje This problem happens to me when the autologger (Truekey) quickly enters the password. If I stop true-key from doing that, I would not have any issue. Does the problem happen to you also when your browser tries to automatically feed in the password? I think the invalid security toke is intended as a security measure to prevent illegitimate access to the website.

      Comment

      • #4
        Originally posted by Mohammed Abu Risha View Post
        [USER="489426"]I think the invalid security toke is intended as a security measure to prevent illegitimate access to the website.
        It is there for two reasons.
        1. Make sure the form submission is legitimate
        2. Prevent session highjacking from clicklink attacks that lead offsite.

        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API - Full / Mobile
        Vote for your favorite feature requests and the bugs you want to see fixed.
        • 1 like

        Comment

        Previous template Next
        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...
        X