XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Modules Support forums / 
  3. Module troubleshooting 
  4.  / core 2.2.4: token system annoying
Register
1
irmtfan
core 2.2.4: token system annoying

  • 2006/7/9 21:53

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


in my site i have too many compalins about the error:"No valid security token found in session"
also i have this error too even after send a post or change a config in 5 seconds.
any help?
2
leostotch
Re: core 2.2.4: token system annoying

  • 2006/7/9 22:47

  • leostotch

  • Just popping in

  • Posts: 76

  • Since: 2006/4/1 1


(Not tested but that should work, looking at the file source)

class/xoopssecurity.php
function check($clearIfValid true$token false) {
        $this->validateToken($token$clearIfValid);
        return true;
    }


This should disable the tokens system. However, know that it's a security compromise (not an issue or hole, but it may add to the consequences of some potential vulnerabilites like XSS).
3
birdseed
Re: core 2.2.4: token system annoying

  • 2006/7/10 9:07

  • birdseed

  • Just popping in

  • Posts: 59

  • Since: 2005/2/26


Hi

The token system is there in order to avoid sending the same post request many times. It appears when you click on the "back" Button of your browser, what you shouldnt do on post requests already sent. I wouldn't completely deactivate it. Seems you use modules which have implementation problems with the XOOPS Token. You could simply comment out calls to the $xoopsSecurity class / check command on that specific page where it annoys you.

greetings
birdseed
4
irmtfan
Re: core 2.2.4: token system annoying

  • 2006/7/10 13:30

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


Ok i disable it.
IMO usablity is more important that security.
if user dont be able to send post what is the benefit of security?
5
birdseed
Re: core 2.2.4: token system annoying

  • 2006/7/10 13:59

  • birdseed

  • Just popping in

  • Posts: 59

  • Since: 2005/2/26


Hi

you haven't read my posting attentively. XOOPS security disallows the repeated sending of POST requests.

greets
bsm

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

323 user(s) are online (219 user(s) are browsing Support Forums)

Members: 1

Guests: 322

Mamba,

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits