Xibo

pb token security

Asked by dpopo

Hello everybody ive got a problem wit"token security.
When i download all files my server , i ve got an invalid token in the log table .
Have you got an idea for me please please.
thanks
David Popovic

Question information

Language:
French Edit question
Status:
Solved
For:
Xibo Edit question
Assignee:
No assignee Edit question
Solved by:
Dan Garner
Solved:
Last query:
Last reply:
Revision history for this message
Dan Garner (dangarner) said : 		#1

Hi David,

What is the exact error message in the log table?
And also how is the log table's error message manifesting itself in the interface? When you upload files?

Cheers,
Dan

Revision history for this message
dpopo (david-popovic) said : 		#2

hello Dan,

Thank you for your reply,

I will summarize the situation,
I made a pre-installed on a server ubuntu 8.04 everything was working.
Then I transferred the files Xibo and the database on my domain.

on my field, the page always returns the login page, login and password ok ".

when I'll watch what happens at the table I get this log:

17 19/06/2009 07:58 error Form token incorrect from: 89.156.250.224 with token [6aa75364cd392d4a268f666b95b43a6c] /xibo2/index.php?q=login&referingPage=index 89.156.250.224 0 Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729) 0 0 0 0

I checked the interclassement of the database everything is in utf8.
If you have an idea

Revision history for this message
Best Dan Garner (dangarner) said : 		#3

Sorry - am still not clear...

1. You can login and everything is working as expected? But you get that error message in the Log...

OR

2. You cant login and everything is broken... and you think it is because of the message in the log?

If you are experiencing 2 you could try to manually truncate the sessions table on your installation.

You would expect to get that error if the form has been open a long time. When a form is loaded we cache a "token" within the form and also within the current session. When you submit the form these two tokens are compared to make sure the form was generated and submitted by the same session.

If you have the form open a long time (over 25 mins usually) then the session will time out and the token comparison will fail.

Sorry for the delay in replying - I hope this helps.

Revision history for this message
dpopo (david-popovic) said : 		#4

Thanks Dan Garner, that solved my question.