Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Client Unabled to login due to "Possible CSRF attack detected"
#1
Hi,
One of my client is getting this.
Quote:"Possible CSRF attack detected. Please make sure cookies are enabled."

He is the only one getting this. I asked him to try clearing the cookies he even tried to use another browser but still nothing has worked for him.

Can someone advise?
HostingDream - Free Shared and Reseller Cloud Hosting Offers
█ Shared | Reseller | Cloud Server | Cloud Linux |
Reply
#2
Is he on a company network? The company server might be blocking certain elements needed to pass it through. Have him connect directly to his modem and see if that works. Sometimes routers will be configured to block certain things as well. If he's using it directly through the modem, then its something on his computer. In that case, he needs to check his browser config to see if he has cookies enabled.
---
See my GitHub at https://github.com/cozylife
Reply
#3
He tried to login through another PC but same results, Then i asked him his login details and tried on my PC got the same error.
But i can login using my test client account normally.

So i don't think this is something related to a computer or network.
ll i have to disabled CSRF to fix this? If so how can i do this?
HostingDream - Free Shared and Reseller Cloud Hosting Offers
█ Shared | Reseller | Cloud Server | Cloud Linux |
Reply
#4
@Fakher
I asked that question too, here:
http://thehostingtool.com/forum/thread-2044.html

So far no answer

It is a pain as I am on a wired ethernet direct connection to the Internet.
I can connect most the time OK but when I try to do anything in Admin I get that message more often than not, so I am still waiting to find a way to disable CSRF altogether because my past experience of being an Admin using THT is that the CSRF is just not worth the trouble.

So unfortunately until there is a solution to this CSRF problem I cannot use THT.

I use loads of different Browsers with cookies enabled, similar results with all.
I just want rid of CSRF!
Never Say Never, Anything is Possible!
http://cybercapital.co.uk/
Reply
#5
I responded to the message on that thread just now. Here's the solution.

In includes/compiler.php:

FIND:
PHP Code:
require_once("csrf-magic.php"); 

CHANGE IT TO:
PHP Code:
//require_once("csrf-magic.php"); 
---
See my GitHub at https://github.com/cozylife
Reply
#6
Got it.
Thanks
Never Say Never, Anything is Possible!
http://cybercapital.co.uk/
Reply
#7
Ok I have disabled CRF .....
HostingDream - Free Shared and Reseller Cloud Hosting Offers
█ Shared | Reseller | Cloud Server | Cloud Linux |
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)