Page 1 of 1

CSRF invalid token

Posted: Tue Aug 09, 2022 9:10 am
by Antonio
Hi all,
I'm Antonio from Italy and I'm new in this forum :)
I had download and installed a Timetrex for Debian Linux 11.
the installation was successfully completed, but when i try to login for first time i received the pop-up error:
"invalid CSRF Token, please refresh your browser and try again".
I have cancelled all token in the browser, but the error isn't solved.
in the file timetrex.ini.php I have enabled the row: "enable_csrf_validation = TRUE"
but not solved.

the version of timetrex is: TimeTrex_Community_Edition_15.3.3
OS Debian 11
PHP 8

have any idea to resolve this issue?

Thanks a lot, and sorry form my bad English
By Antonio

Re: CSRF invalid token

Posted: Tue Aug 09, 2022 10:13 am
by shaunw
That is usually caused by your web browser not saving cookies from TimeTrex.

You can set: "enable_csrf_validation = FALSE" to turn off CSRF validation at least to test, though its not recommended to leave off for security reasons.

Re: CSRF invalid token

Posted: Sat Aug 13, 2022 2:49 am
by Antonio
Thank you for replay :)
i have applied the modify you have suggest, now I don't receive the error of CSFR, but don't log on site, and don't receive any error or message.
I have restarted the linux but the issue don't solve

Re: CSRF invalid token

Posted: Mon Aug 15, 2022 7:56 am
by shaunw
Ya, the root problem is with cookies not working properly and not the CSRF functionality itself.

What URL do you use to access TimeTrex, and what is the 'hostname' setting under the [other] section in your timetrex.ini.php file set too?