THT Community

Full Version: Client Unabled to login due to "Possible CSRF attack detected"
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi,
One of my client is getting this.
Quote:"Possible CSRF attack detected. Please make sure cookies are enabled."

He is the only one getting this. I asked him to try clearing the cookies he even tried to use another browser but still nothing has worked for him.

Can someone advise?
Is he on a company network? The company server might be blocking certain elements needed to pass it through. Have him connect directly to his modem and see if that works. Sometimes routers will be configured to block certain things as well. If he's using it directly through the modem, then its something on his computer. In that case, he needs to check his browser config to see if he has cookies enabled.
He tried to login through another PC but same results, Then i asked him his login details and tried on my PC got the same error.
But i can login using my test client account normally.

So i don't think this is something related to a computer or network.
ll i have to disabled CSRF to fix this? If so how can i do this?
@Fakher
I asked that question too, here:
http://thehostingtool.com/forum/thread-2044.html

So far no answer

It is a pain as I am on a wired ethernet direct connection to the Internet.
I can connect most the time OK but when I try to do anything in Admin I get that message more often than not, so I am still waiting to find a way to disable CSRF altogether because my past experience of being an Admin using THT is that the CSRF is just not worth the trouble.

So unfortunately until there is a solution to this CSRF problem I cannot use THT.

I use loads of different Browsers with cookies enabled, similar results with all.
I just want rid of CSRF!
I responded to the message on that thread just now. Here's the solution.

In includes/compiler.php:

FIND:
PHP Code:
require_once("csrf-magic.php"); 

CHANGE IT TO:
PHP Code:
//require_once("csrf-magic.php"); 
Got it.
Thanks
Ok I have disabled CRF .....