Hello

I am a fairly new osTicket user. That being said, I really like the product! But I am having a problem with a "Valid CSRF Token Required" error that occurs randomly. Here is my system information:

I am currently using the latest version of osticketawesome (version 1.17.2), BUT this problem also occurred WITHOUT the osticketawesome theme.

Currently I have configured "Agent Session Timeout: 0", because at first it seemed that this problem only occurred once a user was logged out, but yesterday one user got this error while logged in.

The Apache error log is clear.
In the Apache access log I can see:
[28/Nov/2022:09:37:18 +0100] "POST /osTicket/scp/login.php HTTP/1.1" 200 54
[28/Nov/2022:09:37:18 +0100] "GET /osTicket/scp/login.php HTTP/1.1" 422 15375

Can somebody please point me as to where I should look next?

    Thank you! I will implement it and let you know if we encounter this error any more.

    Hello.

    I have already installed the last version, 1.17.2, and I applied the patch.

    But sometimes I have trouble with loss of data in a filled request form after submitting. I think that this trouble is caused by a session issue.

    Process simulating the issue - delete cookies before the process:
    1) partially fill the form - leave at least one required field blank
    2) wait for the composer editor to autosave
    3) submit the form
    4) fill in the required field
    5) submit the form
    The form fields are empty and the request is not saved.

    With the same process but all required fields filled, there is no issue.

      aleskomarek

      Don't leave a required field intentionally blank maybe? We can look into losing the data however, just don't leave required fields intentionally blank for now.

      Cheers.

      I patched include/class.usersession.php as indicated in the fix referenced above, but I am still seeing the CSRF errors when trying to log in:
      Invalid CSRF Token CSRFToken
      Invalid CSRF token [f4364c876c289fbdf110a900e5daba163fcaae80] on https://itsupporttest.example.local/login.php
      I'm trying to log in as an LDAP (Active Directory) user. The user is a regular user, not an agent or administrator.

        Hello, this error seems to occur less frequently now, but it has still occurred three times during two days.
        Didn't find anything in the Apache error log or the PHP error log.

          erikpahlberg

          Seems like the User's browser is changing the token, not allowing to update, slow to update, expiring faster than usual, etc. There is no way to tell what's going on without debugging it.

          Cheers.
