Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Bernie Hogya Posted October 14, 2021 Posted October 14, 2021 I have the exact same problem. Is there an easy fix?
Marc Posted October 14, 2021 Posted October 14, 2021 I have split this into its own topic for you. Could you please disable all 3rd party items in the first instance, and let us know if you are having the same issue when all 3rd party items are disabled?
Vegan Gaymer Posted October 16, 2021 Posted October 16, 2021 Same issue here. I updated my privacy policy and required users to agree with the updated terms and we get this error.
Marc Posted October 18, 2021 Posted October 18, 2021 On 10/16/2021 at 5:47 PM, Vegan Gaymer said: Same issue here. I updated my privacy policy and required users to agree with the updated terms and we get this error. Could you please confirm are your users getting this logging in, or are you getting it when you update the terms?
Circo Posted November 17, 2021 Posted November 17, 2021 My users have been reporting this same error for sometime now while logging in. Once they get the error they can click on any link in the menu and they are logged in. This morning while working on my site; I was finally able to capture the error myself. I went through and disabled applications/addons one at a time and tested. Nothing fixed the error. I also re-did Privacy Policy information and nothing changed either.
Jim M Posted November 17, 2021 Posted November 17, 2021 20 minutes ago, Circo said: My users have been reporting this same error for sometime now while logging in. Once they get the error they can click on any link in the menu and they are logged in. This morning while working on my site; I was finally able to capture the error myself. I went through and disabled applications/addons one at a time and tested. Nothing fixed the error. I also re-did Privacy Policy information and nothing changed either. Did you switch to an unmodified theme (if applicable) too to test? Are you noticing this on specific users or all users? If specific, could you please let me know their display name(s)?
Circo Posted November 17, 2021 Posted November 17, 2021 3 minutes ago, Jim M said: Did you switch to an unmodified theme (if applicable) too to test? Are you noticing this on specific users or all users? If specific, could you please let me know their display name(s)? Well, sortta... The theme I'm using is the default IPS theme that I've modified a little for a larger header. As far as I can tell; this seems to happen for all users as well as myself. It only happens if the user is logging in from the main URL (I guess it's an articles page), but does not happen if using the /forums url.
Jim M Posted November 17, 2021 Posted November 17, 2021 41 minutes ago, Circo said: Well, sortta... The theme I'm using is the default IPS theme that I've modified a little for a larger header. As far as I can tell; this seems to happen for all users as well as myself. It only happens if the user is logging in from the main URL (I guess it's an articles page), but does not happen if using the /forums url. I would suggest trying this first with an unmodified theme as even the smallest changes to a template can cause the upgrader to not upgrade that template and it could be missing code changes from version to version. Each upgrade a theme needs to be double checked for compatibility issues, I'm afraid. I would recommend also checking and removing any custom .htaccess entries you have any leaving just the ones that come with our software in case something is causing an issue there.
Circo Posted December 12, 2021 Posted December 12, 2021 On 11/17/2021 at 1:26 PM, Jim M said: I would suggest trying this first with an unmodified theme as even the smallest changes to a template can cause the upgrader to not upgrade that template and it could be missing code changes from version to version. Each upgrade a theme needs to be double checked for compatibility issues, I'm afraid. I would recommend also checking and removing any custom .htaccess entries you have any leaving just the ones that come with our software in case something is causing an issue there. Jim, I've done everything suggested and still getting this error. I've used unmodified theme, disabled all 3rd party apps, etc. If i go to my site mysite.com/forums I am able to log in and navigate the site just fine. If I go to mysite.com it shows me as logged out. If I click to login from mysite.com it gives the CSRF error. I am not using any custom .htaccess files other than the one that come with IPS. It appears that I am not able to change the default app either. My default app is currently pages with articles page. I was thinking that going to mysite.com should use the default app. I tried changing the default app to forums, but it still shows the old pages/articles page. I deleted the page so now anyone going to to my main url are getting "The page you requested does not exist". I don't know if these are different problems or if they are part of the same. I'm not sure what else to check or do.
Marc Posted December 13, 2021 Posted December 13, 2021 Please could you let us know which site this is on?
Circo Posted December 14, 2021 Posted December 14, 2021 On 12/13/2021 at 4:15 AM, Marc Stridgen said: Please could you let us know which site this is on? vpuniverse This also seems to happen sometimes when accessing admin. I can't seem to duplicate the admin one as easily as I am the main site one.
Marc Posted December 14, 2021 Posted December 14, 2021 Could I ask, are you able to repicate this yourself on the front end? I cannot login as unfortunately the access details on file are incorrect
Circo Posted December 16, 2021 Posted December 16, 2021 On 12/14/2021 at 10:11 AM, Marc Stridgen said: Could I ask, are you able to repicate this yourself on the front end? I cannot login as unfortunately the access details on file are incorrect Login details have been updated. Yes, I am able to duplicate the front end issue on a regular basis. Login to the main domain using /forums. Then go back to the main URL, you'll see that you are not signed in (you really are though if you go to /forums), click sign-in. You should get the CSRF response.
Marc Posted December 16, 2021 Posted December 16, 2021 Could you please check on your server to ensure that no caching is enabled on there. If it is, please disable while testing this.
Circo Posted December 16, 2021 Posted December 16, 2021 4 minutes ago, Marc Stridgen said: Could you please check on your server to ensure that no caching is enabled on there. If it is, please disable while testing this. I have caching on via Cloudflare. I've changed it to development mode for now as well as took the forums offline, but your login should still login.
Jim M Posted December 16, 2021 Posted December 16, 2021 Is there a specific URL which you have bookmarked or are using when this happens? Unfortunately, when logging in with the credentials provide on both the front-end and ACP, I am not encountering this error.
Apfelstrudel Posted December 17, 2021 Posted December 17, 2021 From time to time I have the same issue when pressing „mark site read“. It appears only since update to 4.6.9. I can‘t reproduce it exactly but never had it in the past before the update.
Marc Posted December 17, 2021 Posted December 17, 2021 We need exact URLs when these issues are occurring if possible, then we can advise accordingly.
Apfelstrudel Posted December 17, 2021 Posted December 17, 2021 (edited) Marc, you have our URL in your backend. It happens in the unread content stream but only from time to time. Edited December 17, 2021 by Apfelstrudel
Circo Posted December 17, 2021 Posted December 17, 2021 18 hours ago, Jim M said: Is there a specific URL which you have bookmarked or are using when this happens? Unfortunately, when logging in with the credentials provide on both the front-end and ACP, I am not encountering this error. No, it's not with a bookmark. I'm able to duplicate this each and every time. Even tested from a friends computer that I've never used before. I go to vpuniverse.com, log-in, it takes to /forums. Go back to vpuniverse.com, not using back button but going to main domain directly. It shows user not logged in. Log-in, get CSRF response. It doesn't matter if it's my account or my test user account that's setup for you.
Apfelstrudel Posted December 17, 2021 Posted December 17, 2021 (edited) BTW I get the same CSRF error when using the original unmodified theme. 😉 My normal use case is: Opening unread content stream and pressing „mark site read“. 😉 -> CSRF error (sometimes) Edited December 17, 2021 by Apfelstrudel
Management Matt Posted December 21, 2021 Management Posted December 21, 2021 The most common reason for a CSRF failure would be a change of session ID. Have you noticed any issues with sessions recently?
Apfelstrudel Posted December 22, 2021 Posted December 22, 2021 No, I didn‘t have. Only since 4.6.9 and also with the original theme.
Circo Posted December 22, 2021 Posted December 22, 2021 23 hours ago, Matt said: The most common reason for a CSRF failure would be a change of session ID. Have you noticed any issues with sessions recently? I have not, but not quite sure what to look for exactly.
Recommended Posts