Csrf token validation failed on orangehrm

up vote
0
down vote

favorite

I am getting an error with OrangeHRM platform(Human resources management).

The issue is that when logging to the site after some time (like 15 minutes) site refreshes showing the error at the image below. When logging again everything works as expected.

So i guess the the csrf value is somehow stored in the cache and used when trying to log in for the first time. After failing and refreshing the site uses the real noncached csrf value.

I have found someone with the same issue here (stackoverflow.com) The answer to the problem was that they were serving the site on http only. In my case the error exists in the production environment as well so it's not an https issue.

Any idea is welcome.

Error screenshot

asked 2 days ago

Δημήτρης Αραμπατζής

263

add a comment |

up vote
0
down vote

favorite

I am getting an error with OrangeHRM platform(Human resources management).

The issue is that when logging to the site after some time (like 15 minutes) site refreshes showing the error at the image below. When logging again everything works as expected.

So i guess the the csrf value is somehow stored in the cache and used when trying to log in for the first time. After failing and refreshing the site uses the real noncached csrf value.

Any idea is welcome.

Error screenshot

asked 2 days ago

Δημήτρης Αραμπατζής

263

add a comment |

up vote
0
down vote

favorite

I am getting an error with OrangeHRM platform(Human resources management).

The issue is that when logging to the site after some time (like 15 minutes) site refreshes showing the error at the image below. When logging again everything works as expected.

So i guess the the csrf value is somehow stored in the cache and used when trying to log in for the first time. After failing and refreshing the site uses the real noncached csrf value.

Any idea is welcome.

Error screenshot

asked 2 days ago

Δημήτρης Αραμπατζής

263

I am getting an error with OrangeHRM platform(Human resources management).

The issue is that when logging to the site after some time (like 15 minutes) site refreshes showing the error at the image below. When logging again everything works as expected.

So i guess the the csrf value is somehow stored in the cache and used when trying to log in for the first time. After failing and refreshing the site uses the real noncached csrf value.

Any idea is welcome.

Error screenshot

php symfony caching csrf browser-cache

asked 2 days ago

Δημήτρης Αραμπατζής

263

asked 2 days ago

Δημήτρης Αραμπατζής

263

asked 2 days ago

Δημήτρης Αραμπατζής

263

asked 2 days ago

Δημήτρης Αραμπατζής

263

asked 2 days ago

Δημήτρης Αραμπατζής

263

add a comment |

active

oldest

votes

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53373361%2fcsrf-token-validation-failed-on-orangehrm%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

active

oldest

votes

draft saved

draft discarded

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

Search This Blog

Ufyukyu