It's possible that the login form is generated with one session and then another session is created before the token from the first session is checked.
The value of $csrf_status in the _chk_csrf subroutine in Koha/Token.pm should specify the exact error (0 is OK, 1 is expired, 2 is invalid, 3 is malformed). If it's not set, then there's something wrong with $params. I would compare $params->{id} in the _gen_csrf and _chk_csrf subroutines. They should both begin with "anonymous" since you haven't logged in yet, but they might have different session ids. The value of $params->{secret} is likely the same in both, but would cause a problem if it was different.

If _gen_csrf is not being called, there could be some caching issue. Hopefully this provides a good start. Let us know what you find.

________________________________
From: Koha-devel <koha-devel-boun...@lists.koha-community.org> on behalf of Charles Athey via Koha-devel <koha-devel@lists.koha-community.org>
Sent: 14 June 2024 03:38
To: koha-devel@lists.koha-community.org <koha-devel@lists.koha-community.org>
Subject: [Koha-devel] Error 303 Wrong CSRF token

We have been using Koha for about 1-1/2 years now but we don’t consider ourselves Koha experts. I upgraded our Koha development environment system from 23.05.11 to 24.05.00 last week. It is running in an Ubuntu 22.04.4 LTS (5.15.0-112-generic #122-Ubuntu SMP) in an AMD virtual machine. The system has a 40G disk with 15G available. It has a duplicate of our Koha production install.

After enabling the ERM module and adding a couple of test licenses, etc., the next time I attempted to log in to the staff interface I got an Error 303 “The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.”

I have cleared the browser cache (on all browsers), rebooted the system - no change. If I log in using the OPAC interface and then open a new window to the staff interface, without quitting the browser, it succeeds since I don’t have to log in. All of this behavior occurs regardless of whether I use Firefox, Chrome, or Safari. The Apache and Koha logs do not show any problem.

I am an experienced Linux system administrator and developer. I can read and write PERL but don’t consider myself a PERL expert. Is there a way to turn on more logging, specific things to try? Any assistance would be greatly appreciated.

_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : https://www.koha-community.org/
git : https://git.koha-community.org/
bugs : https://bugs.koha-community.org/
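
The session mismatch described in the reply at the top of this thread, as an added example that is not part of the original messages and is not Koha's code: a simplified Perl model of a token bound to a session id and a secret, returning the status codes listed in the reply. The gen_token and chk_token helpers, the token layout, the 8-hour lifetime and all sample values are assumptions made for illustration.

```perl
# Simplified model of a session-bound CSRF token; NOT Koha's Koha::Token code.
# Helper names, token layout, lifetime and sample values are assumptions.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Status codes as listed in the reply.
use constant { OK => 0, EXPIRED => 1, INVALID => 2, MALFORMED => 3 };

# Token = "<issue time>,<HMAC over 'id,issue time'>", keyed with the secret.
sub gen_token {
    my ($params) = @_;
    my $time = $params->{time} // time;
    return join ',', $time,
        hmac_sha256_hex("$params->{id},$time", $params->{secret});
}

sub chk_token {
    my ($params) = @_;
    my ($time, $mac) = ($params->{token} // '') =~ /\A(\d+),([0-9a-f]{64})\z/
        or return MALFORMED;
    my $expected = hmac_sha256_hex("$params->{id},$time", $params->{secret});
    # A different id or secret than at generation time lands here.
    # (Production code should compare MACs in constant time.)
    return INVALID if $mac ne $expected;
    return EXPIRED if ($params->{now} // time) - $time > $params->{max_age};
    return OK;
}

# Constructed sample values: the login form is rendered under session A.
my $secret = 'constructed-secret';
my $token  = gen_token({ id => 'anonymous_sessionA', secret => $secret, time => 1_000 });

my @cases = (
    [ 'same session'        => { id => 'anonymous_sessionA', now => 1_060 } ],
    [ 'new session on POST' => { id => 'anonymous_sessionB', now => 1_060 } ],
    [ 'stale form'          => { id => 'anonymous_sessionA', now => 1_000 + 9 * 3600 } ],
    [ 'truncated token'     => { id => 'anonymous_sessionA', now => 1_060, token => '1000,abc' } ],
);
for my $case (@cases) {
    my ($label, $p) = @$case;
    my $status = chk_token({ token => $token, secret => $secret,
                             max_age => 8 * 3600, %$p });
    printf "%-20s id=%-20s status=%d\n", $label, $p->{id}, $status;
}
```

Logging the id next to the status on both the generating and the checking side, as the loop does here, is what makes a changed session between rendering the form and submitting it visible.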