1
irmtfan
core 2.2.4: token system annoying
  • 2006/7/9 21:53

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


in my site i have too many compalins about the error:"No valid security token found in session"
also i have this error too even after send a post or change a config in 5 seconds.
any help?

2
leostotch
Re: core 2.2.4: token system annoying
  • 2006/7/9 22:47

  • leostotch

  • Just popping in

  • Posts: 76

  • Since: 2006/4/1 1


(Not tested but that should work, looking at the file source)

class/xoopssecurity.php
function check($clearIfValid true$token false) {
        
$this->validateToken($token$clearIfValid);
        return 
true;
    }


This should disable the tokens system. However, know that it's a security compromise (not an issue or hole, but it may add to the consequences of some potential vulnerabilites like XSS).

3
birdseed
Re: core 2.2.4: token system annoying
  • 2006/7/10 9:07

  • birdseed

  • Just popping in

  • Posts: 59

  • Since: 2005/2/26


Hi

The token system is there in order to avoid sending the same post request many times. It appears when you click on the "back" Button of your browser, what you shouldnt do on post requests already sent. I wouldn't completely deactivate it. Seems you use modules which have implementation problems with the XOOPS Token. You could simply comment out calls to the $xoopsSecurity class / check command on that specific page where it annoys you.

greetings
birdseed

4
irmtfan
Re: core 2.2.4: token system annoying
  • 2006/7/10 13:30

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


Ok i disable it.
IMO usablity is more important that security.
if user dont be able to send post what is the benefit of security?

5
birdseed
Re: core 2.2.4: token system annoying
  • 2006/7/10 13:59

  • birdseed

  • Just popping in

  • Posts: 59

  • Since: 2005/2/26


Hi

you haven't read my posting attentively. XOOPS security disallows the repeated sending of POST requests.

greets
bsm

Login

Who's Online

282 user(s) are online (242 user(s) are browsing Support Forums)


Members: 0


Guests: 282


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits