9
I don't think we are facing exactly the same problem. But, in my case, there was a trouble when an anonymous user try to post a comment: he gets that error message "taking you ... where you were".
This is caused by the empty $_SESSION['XOOPS_TOKEN_SESSION'] as far as I know. (please bear in mind that I'm not a coder. :-p) So I swapped class/xoopssecurity.php with the one for "XoopsCube". (XoopsCube is compatible with XOOPS 2.0.x for the time being.) And I also uploaded "class/token.php" from XoopsCube, added some lines within XoopsSecurity class.
Add the following code somewhere in class/xoopssecurity.php
le="color: #000000"><?php function checkReferer($docheck=1) { $ref = xoops_getenv('HTTP_REFERER'); if ($docheck == 0) { return true; } if ($ref == '') { return true; // return false; } if (strpos($ref, XOOPS_URL) !== 0 ) { return false; } return true; }
Please remember the fact that it may create an gaping security hole for I'm not a professional. At very least, it weakens the protection against CRSF. So all the webmasters must turn on referrer when s/he manages his/her web sites.
Anyway, this hack solved MY problem, and my site became more friendly to anonymous visiters. That's all I can say.
Liberty is never being too sure you're right....