Marco Ro Posted May 29, 2018 Share Posted May 29, 2018 Hi guys, What mean this error? and when show up? This request was aborted because it appears to be forged. (in /wire/core/SessionCSRF.php line 190) Link to comment Share on other sites More sharing options...
kixe Posted May 29, 2018 Share Posted May 29, 2018 All forms in the backend of processwire are secured against CSRF attacks by assigning them a one-time token. This will ensure that the page and the current session that generates the form is the same as the one that receives the form. E. g. The error message appears when a backend page (also Login) is open and the session has expired, or the session cookie has been deleted from the browser or could not be set in the browser. 1 1 Link to comment Share on other sites More sharing options...
wbmnfktr Posted May 29, 2018 Share Posted May 29, 2018 Not a reason but a scenario for this error message. This can also happen when you use Password managers like 1Password/LastPass with Autofill-function. At least it happens to me regularly on different PW sites. Example: You click in 1Password on your "PW Login" entry and say open & auto-fill/login. 1Password will opens your default browser, redirects to your login site, enters your credentials and submits them. I don't know exactly why PW denies access in some cases but maybe it's way too fast for a human/regular login. Link to comment Share on other sites More sharing options...
Marco Ro Posted May 29, 2018 Author Share Posted May 29, 2018 For me I thing was something different I was doing a test to the checkout page, I was log-in with one name but enter by hand other data to fill the form. Maybe could be this that have make a error. honestly this maybe doesn't make much sense but I don't know what else could have triggered the error. Link to comment Share on other sites More sharing options...
kixe Posted May 29, 2018 Share Posted May 29, 2018 @wbmnfktr 54 minutes ago, wbmnfktr said: Not a reason but a scenario for this error message. The reason is the invalid token: https://github.com/processwire/processwire/blob/bdaf8810cbb71944820c45e0b297d0b75f1e60be/wire/core/SessionCSRF.php#L176-L191 1 hour ago, wbmnfktr said: At least it happens to me regularly on different PW sites. Make sure that the session cookie is set and valid and that the current valid token is sent with the form. Link to comment Share on other sites More sharing options...
mr-fan Posted May 29, 2018 Share Posted May 29, 2018 I had this on an full webspace....so site is running...but there is no more place for the session on the webserver so i get the same message. After stopping an uncontrolled backupscript and delete a lot of waste all works again... 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now