OTRS Invalid Challenge Token: why does it happen?

Moderator: crythias

zbigniew
Znuny newbie
Posts: 53
Joined: 11 Dec 2014, 13:30
Znuny Version: 5.0.23
Real Name: Zbigniew Luszpinski

Post by zbigniew »

OTRS 4.0.6+ITSM

I see "Invalid Challenge Token" in the logs and do not understand why it appears - the application works fine.

The code which displays this error message is here:
/opt/otrs/Kernel/Output/HTML/Layout.pm
Rows 823 and 828 - both inside a single function: ChallengeTokenCheck
I know there is an option to disable it:
Framework -> Core::Session -> SessionCSRFProtection
but I would prefer to keep it on and find what causes this. This function, as I understand CSRF attacks, is for protecting the user from hostile session capture by someone else.

Is it possible that it appears when logging in from several web browsers/tabs or computers? Nobody uses OTRS - it is just set up for testing in a LAN network. Only a few people have access.

crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: OTRS Invalid Challenge Token: why does it happen?

Post by crythias »

zbigniew wrote: Is it possible that it appears if logging in from several web browsers/tabs or computers?
Or someone clicks a link with a challenge key that has expired.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
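
The two causes raised in this thread, shown with a minimal model of a per-session challenge token check. This is an added example, not OTRS code and not from either poster; the `SessionStore` class, its method names, the token format and the `SESSION_TTL` value are assumptions made for illustration.

```python
import hmac
import secrets

SESSION_TTL = 3600  # assumed session lifetime in seconds (constructed value)


class SessionStore:
    """Hypothetical server-side session table: session id -> (token, created)."""

    def __init__(self):
        self._sessions = {}

    def login(self, now):
        """Create a session and the challenge token embedded in its forms and links."""
        sid = secrets.token_hex(16)
        token = secrets.token_hex(16)
        self._sessions[sid] = (token, now)
        return sid, token

    def check_challenge_token(self, sid, submitted, now):
        """Return 'ok' or the reason a state-changing request is rejected."""
        entry = self._sessions.get(sid)
        if entry is None:
            return "no session"
        token, created = entry
        if now - created > SESSION_TTL:
            del self._sessions[sid]
            return "invalid challenge token (session expired)"
        # Constant-time comparison so the check does not leak token bytes.
        if not hmac.compare_digest(token, submitted or ""):
            return "invalid challenge token (mismatch)"
        return "ok"


def demo():
    store = SessionStore()
    sid_a, tok_a = store.login(now=0)    # browser A
    sid_b, tok_b = store.login(now=10)   # browser B, same user
    return {
        "same_session": store.check_challenge_token(sid_a, tok_a, now=20),
        # Link copied from browser A, opened inside browser B's session.
        "other_session": store.check_challenge_token(sid_b, tok_a, now=20),
        # Request with no token at all, as a cross-site request would arrive.
        "missing": store.check_challenge_token(sid_b, None, now=20),
        # Bookmarked link followed after the session lifetime has passed.
        "expired": store.check_challenge_token(sid_a, tok_a, now=SESSION_TTL + 1),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this model a legitimate user produces the same log entry as a forged request whenever a link or form outlives the session it was generated in, which is why the message can appear while the application works fine.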