CSRF invalid token

General support regarding TimeTrex, such as
configuring policies/taxes or processing payroll.
Post Reply
Antonio
Posts: 2
Joined: Tue Aug 09, 2022 8:45 am

CSRF invalid token

Post by Antonio »

Hi all,
I'm Antonio from Italy and I'm new in this forum :)
I had download and installed a Timetrex for Debian Linux 11.
the installation was successfully completed, but when i try to login for first time i received the pop-up error:
"invalid CSRF Token, please refresh your browser and try again".
I have cancelled all token in the browser, but the error isn't solved.
in the file timetrex.ini.php I have enabled the row: "enable_csrf_validation = TRUE"
but not solved.

the version of timetrex is: TimeTrex_Community_Edition_15.3.3
OS Debian 11
PHP 8

have any idea to resolve this issue?

Thanks a lot, and sorry form my bad English
By Antonio
shaunw
Posts: 7824
Joined: Tue Sep 19, 2006 2:22 pm

Re: CSRF invalid token

Post by shaunw »

That is usually caused by your web browser not saving cookies from TimeTrex.

You can set: "enable_csrf_validation = FALSE" to turn off CSRF validation at least to test, though its not recommended to leave off for security reasons.
Antonio
Posts: 2
Joined: Tue Aug 09, 2022 8:45 am

Re: CSRF invalid token

Post by Antonio »

Thank you for replay :)
i have applied the modify you have suggest, now I don't receive the error of CSFR, but don't log on site, and don't receive any error or message.
I have restarted the linux but the issue don't solve
shaunw
Posts: 7824
Joined: Tue Sep 19, 2006 2:22 pm

Re: CSRF invalid token

Post by shaunw »

Ya, the root problem is with cookies not working properly and not the CSRF functionality itself.

What URL do you use to access TimeTrex, and what is the 'hostname' setting under the [other] section in your timetrex.ini.php file set too?
Post Reply