We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Token problems | Forum

Yevhen
Yevhen May 25 '16
I was writing new forum post during approx. 45 min. After I pushed post I got the bellow message, What is the problem?
dave Leader
dave May 25 '16
in the new version of oxwall there is a security token on every form, if you wait too long to submit the form after it loads the token will expire and you will have to leave the form and then return to reset it. And then you can post your stuff.  Just dont take forever to post and you will be fine.   
The Forum post is edited by dave May 25 '16
Darryl B Leader
Darryl B May 25 '16
That explains it. Sometimes I put a little extra thought into what I want to say. I had this to happen on a plugin forum. Bad thing was that I lost all of what I typed.
dave Leader
dave May 25 '16
For at least the last 6 years i always copy whatever i type and sometimes toss it in a notepad just because i have had that happen to me too many times. You finally finish and hit send and there is an error or something goes wrong and you lose it all.  So i just got in the habit of covering my (')   lol    
ross Team
ross May 26 '16

Quote from dave in the new version of oxwall there is a security token on every form, if you wait too long to submit the form after it loads the token will expire and you will have to leave the form and then return to reset it. And then you can post your stuff.  Just dont take forever to post and you will be fine.   
Dave +1
Yevhen
Yevhen May 26 '16
Thanks for explanations! 
Peter
Peter May 26 '16
Guys, where can I increase the token expiration time in code? Is it possible? Or it depends on the session expiration time?
The Forum post is edited by Peter May 26 '16
dave Leader
dave May 26 '16
Hi Peter, 


It is currently set for 20 minutes.  


However if that is not long enough you can change it in 


ow_utilities/csrf.php  near the top of the file it is set with this code. 


   const TOKEN_LIFETIME_IN_MINUTES = 20;


I would not play around with it too much as i have not tested the effect on the site with an increased value. If you do change it, then modify it slightly and watch your site for a few days to make sure everything is OK, if it is not then you know to set it back to 20. 



The Forum post is edited by dave May 26 '16
Peter
Peter May 28 '16
Thank you Dave.
dave Leader
dave May 31 '16
Maybe in the next version they might add that feature config setting to either the config file or as an option in the admin so you all dont have to mod the core.
Alex Thorn
Alex Thorn May 31 '16
Yes Dave it does work to change 2 values in the file: ow_utilities/csrf.php

the top value i changed from 20 to 180


and half way down the page the other value was set to 60 and i changed that to 180 as well.

i did a sign up, opened the form at 8:50 waited around until 9:32 and saved the form no problems.

thanks for the fix Dave

dave Leader
dave May 31 '16
Your welcome, i did not know there were two of them lol... thanks for sharing that :)
Achim
Achim Jun 2 '16

Quote from Alex Thorn Yes Dave it does work to change 2 values in the file: ow_utilities/csrf.php

the top value i changed from 20 to 180


and half way down the page the other value was set to 60 and i changed that to 180 as well.

I think you mean line 77. If i got the code right, the value at the top is set in seconds and here gets converted to minutes.
Yevhen
Yevhen Jun 3 '16
Perfect! Thanks for sharing!
Yevhen
Yevhen Aug 20 '17
UPDATE. Now I have the same problem on every form and even cannot login to site. csrf file has no limits now. Where should I change now?
Fabrice
Fabrice Oct 9 '17
Dave, i don't find "const TOKEN_LIFETIME_IN_MINUTES"... can somebody help me?

i send csrf.php code on my oxwall 1.8.4

The Forum post is edited by Fabrice Oct 9 '17
Attachments:
  csrf.zip (1Kb)
dave Leader
dave Oct 9 '17
Fabrice Im not sure that is the issue here, dont change too many things at once because you wont know what the solution is.  I would only change this as a last resort.  I have mine set to 20 and i upload large videos over an hour and its fine.   


So Fabrice i replied to  your other support request, do those suggestions and then get back with me. I think you may file it has nothing to do with this setting. 

dave Leader
dave Oct 9 '17
What i am referring too here is not uploading, but the actual form submittal.  When you pull up a form on the page and then fill only half of it out and then wait forever until you hit send or save or whatever button there is.  This is when it times out, so you have to fill out the form and send it, after that its fine.