BAD CSRF TOKEN
v012345 opened this issue · 7 comments
When I delete a key, I am redirected to a 404 page whose path is "http://myDomian/bad%20csrf%20token".
Me too.
Also, if you have changed your phpRedisAdmin/ directory to something else, you will be redirected to "bad csrf token".
And the view frame cannot show any content because of "header('X-Frame-Options: DENY');", so I have to add "Header always set X-Frame-Options "sameorigin"" to .htaccess.
My bad. I have just released a fix for sameorigin. Please upgrade to 1.16.1 and try again.
I don't really use this project anymore, but there were a bunch of security issues reported that I tried to fix. I tested it locally and everything worked fine. But it seems like with other setups things break.
For the "bad csrf token" error. What version of PHP are you using and what does your session setup look like?
The CSRF code uses PHP sessions. It does check session_status() !== PHP_SESSION_DISABLED, but I guess something else goes wrong?
I use PHP 7.4.
I have updated it to 1.16.1.
But it doesn't work.
So I executed chmod -R 777 phpRedisAdmin. MY GOD, it works.
Later I changed the permission back to 755, it still works.
So I guess the reason is that PHP doesn't have permission to create session files on my server.
And I want to know where PHP saves the sessions.
That depends on how you have configured sessions on your server.
See: https://www.php.net/manual/en/session.configuration.php#ini.session.save-path
@v012345, check the session.cookie_path value in your php.ini. It must contain / or be commented out.
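
The two causes raised in this thread (a session save path PHP cannot write to, and a session.cookie_path that does not cover the install directory) can be checked with a small diagnostic page. This is an added example, not phpRedisAdmin code; the function name session_csrf_problems is hypothetical, and the save-path check assumes the default file-based session handler.

```php
<?php
// Added diagnostic, not phpRedisAdmin code. Request it through the web server
// (same SAPI and user as the app), not the CLI, so the ini values match.

// List the problems that would stop a session-backed CSRF token from surviving
// between the page that issues it and the request that verifies it.
function session_csrf_problems(string $requestPath): array
{
    if (session_status() === PHP_SESSION_DISABLED) {
        return ['sessions are disabled in this PHP configuration'];
    }
    $problems = [];

    // The directory check is only meaningful for the file-based handler.
    if (ini_get('session.save_handler') === 'files') {
        // save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
        $parts = explode(';', (string) ini_get('session.save_path'));
        $dir = end($parts);
        if ($dir === '') {
            $dir = sys_get_temp_dir(); // PHP falls back to the system temp dir
        }
        if (!is_dir($dir)) {
            $problems[] = "session.save_path '$dir' does not exist";
        } elseif (!is_writable($dir)) {
            $problems[] = "session.save_path '$dir' is not writable by the PHP user";
        }
    }

    // The browser only returns the session cookie for URLs under cookie_path.
    // A plain prefix test approximates the browser's path-matching rule.
    $cookiePath = (string) ini_get('session.cookie_path');
    if ($cookiePath === '') {
        $cookiePath = '/';
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        $problems[] = "session.cookie_path '$cookiePath' does not cover '$requestPath'";
    }
    return $problems;
}

header('Content-Type: text/plain');
$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
$found = session_csrf_problems($path);
echo $found ? implode("\n", $found) . "\n" : "no session problems detected for $path\n";
```

If the save path is reported as not writable, correct the ownership or permissions of that session directory for the PHP user; the application directory itself does not need to be world-writable.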