Security token error

  • CorbinH
    Senior Member
    • May 2009
    • 232
    • 4.0.0

    Security token error

    One of our members has just received this message.
    He states that it appeared after he was away from his computer for a few minutes.

    [Attached image: Sejacs-Error.jpg]
  • In Omnibus
    Senior Member
    • Apr 2010
    • 2310

    #2
    That's expected behavior. If you leave the forums on a specific page for more than (I believe it's) 15 minutes, you will get that error because the cookie times out.

    Comment


    • CorbinH
      CorbinH commented
      Okay, thanks for the quick reply. We'll keep an eye on it and see what happens.
      Could it also be something to do with the auto-save time setting?
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 73981

    #3
    Could it also be something to do with the auto-save time setting?
    It is a standard security feature. Every page load has a security token embedded in it. This allows the server to verify that form input comes from your site and not some other random site that is trying to phish your users for information. These tokens have a limited lifespan and change per user. The auto-save may have triggered the error. Refreshing the page should resolve the error.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment
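The token behaviour described in post #3 (embedded on every page load, tied to one user, limited lifespan) can be sketched as follows. This is an added example, not vBulletin's code: the HMAC construction, the names and the 15-minute lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_LIFETIME = 15 * 60  # seconds; assumed, echoing the "15 minutes" guess in post #2
SERVER_SECRET = secrets.token_bytes(32)  # per-deployment secret, never sent to the client


def _sign(user_id, issued_at):
    msg = f"{user_id}:{issued_at}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(user_id, now=None):
    """Token placed in a hidden form field on each page load, never in the URL."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}-{_sign(user_id, issued_at)}"


def check_token(user_id, token, now=None):
    """Return 'ok', 'expired' or 'invalid' for a token submitted with a form POST."""
    now = time.time() if now is None else now
    issued_str, _, mac = token.partition("-")
    if not (issued_str.isascii() and issued_str.isdigit() and mac):
        return "invalid"
    issued_at = int(issued_str)
    # Constant-time comparison; the MAC binds the token to this user and timestamp,
    # so a form forged on another site cannot supply a valid value.
    if not hmac.compare_digest(mac.encode(), _sign(user_id, issued_at).encode()):
        return "invalid"
    if now - issued_at > TOKEN_LIFETIME:
        return "expired"  # the idle-tab / auto-save case from this thread
    return "ok"


def simulate_idle_autosave(idle_seconds):
    """Page loaded at t0; a background auto-save POSTs idle_seconds later."""
    t0 = 1_000_000  # constructed timestamp
    token = issue_token("member-42", now=t0)
    return check_token("member-42", token, now=t0 + idle_seconds)
```

A page left open past the lifetime still holds the token it was rendered with, so the next auto-save or submit is rejected until a reload issues a fresh one.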

    • Craig
      Senior Member
      • Jan 2008
      • 996
      • 6.X

      #4
      I know this is an older thread, but if you select the hyperlink in the message it brings me to a 400 page. Is this normal on an SSL site?

      I only get it on my cell phone (Apple) as I sometimes don't close out the page (Safari) properly.

      I suspect it is normal as the token times out and perhaps no longer recognizes the url?
      adktramping ~ my happy place.

      "Whoever said practice makes perfect was an idiot. Humans can't be perfect because we're not machines." ~ Sam Gardner.

      Vote for your favorite feature requests and the bugs you want to see fixed.

      Comment

      • Wayne Luke
        vBulletin Technical Support Lead
        • Aug 2000
        • 73981

        #5
        It is a link to the Contact Us page specified under Settings -> Options -> Site Name / URL / Contact Us Details. Loading a new page loads a new Security Token. Security Tokens are never included in the actual URL. That would defeat the entire purpose of a Security Token.

        Comment

        • Craig
          Senior Member
          • Jan 2008
          • 996
          • 6.X

          #6
          What would return a 400 error then?

          Comment

          • Wayne Luke
            vBulletin Technical Support Lead
            • Aug 2000
            • 73981

            #7
            The 400 Bad Request error is an HTTP status code that means that the request you sent to the website server, often something simple like a request to load a web page, was somehow incorrect or corrupted and the server couldn't understand it.

            Your web server returned this. What is the full error in its access logs, and what is the URL that was incorrect?

            Comment

            • Craig
              Senior Member
              • Jan 2008
              • 996
              • 6.X

              #8
              I’ll check the error log but I suspect it is the embedded link in the message that goes here;

              https://xxxx-xxxxxxx.org/%251$s

              It should go to the contact us form, no?
              Last edited by Craig; Sat 20 Apr '19, 1:20pm.

              Comment

              • Craig
                Senior Member
                • Jan 2008
                • 996
                • 6.X

                #9
                Access logs;

                Code:
                xx.xxx.xxx.xx - - [20/Apr/2019:08:34:59 -0400] "GET /%251$s HTTP/2" 404 12565 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Mobile/15E148 Safari/604.1"
                
                xx.xxx.xxx.xx - - [20/Apr/2019:08:34:59 -0400] "GET /js/privacy-consent-banner.js?v=545 HTTP/2" 200 1153 "https://xxxx-xxxxxxx.org/%251$s" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Mobile/15E148 Safari/604.1"
                
                xx.xxx.xxx.xx - - [20/Apr/2019:08:34:59 -0400] "GET /css.php?styleid=1&td=ltr&sheet=css_b_modal_banner.css&ts=1555431637 HTTP/2" 200 407 "https://xxxx-xxxxxxx.org/%251$s" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like M

                Comment

                • Wayne Luke
                  vBulletin Technical Support Lead
                  • Aug 2000
                  • 73981

                  #10
                  There should not be a %251$s in any URL.

                  What is the result of this query:

                  Code:
                  SELECT * FROM routenew WHERE name='contact-us';
                  There have been some issues fixed with the privacy consent in versions after 5.4.5. You may be running into one of those issues.
                  Last edited by Wayne Luke; Wed 24 Apr '19, 10:01am.

                  Comment
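In the log lines above, `%25` is a percent-encoded `%`, so `/%251$s` decodes to `/%1$s`, which has the shape of a positional printf-style placeholder. The following added example (not from the thread or from vBulletin) scans combined-format access logs for request paths and referers that carry such a placeholder; the sample lines, IP address and hostname are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines, modelled on the access log excerpt in post #9.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Apr/2019:08:34:59 -0400] "GET /%251$s HTTP/2" 404 12565 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Apr/2019:08:35:02 -0400] "GET /contact-us HTTP/2" 200 8123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Apr/2019:08:35:04 -0400] "GET /search?q=100%25 HTTP/2" 200 911 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Apr/2019:08:35:09 -0400] "GET /js/a.js HTTP/2" 200 1153 "https://forum.example/%251$s" "Mozilla/5.0"',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) \S+ "([^"]*)"')
# Positional placeholder such as %1$s or %2$d; a bare "%s" is skipped on purpose
# because ordinary text like "50%sale" would match it.
PLACEHOLDER = re.compile(r'%\d+\$[a-zA-Z]')


def fully_decode(url, max_rounds=3):
    """Undo up to max_rounds layers of percent-encoding (/%251$s -> /%1$s)."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def find_placeholder_requests(lines):
    """Return (field, raw_value, status) for each path or referer with a leftover placeholder."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line in the expected format
        path, status, referer = m.groups()
        for field, value in (("path", path), ("referer", referer)):
            if PLACEHOLDER.search(fully_decode(value)):
                hits.append((field, value, int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_placeholder_requests(SAMPLE_LOG):
        print(hit)
```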

                  • Craig
                    Senior Member
                    • Jan 2008
                    • 996
                    • 6.X

                    #11
                    I get the following back;

                    Code:
                     localhost/renamed_db/routenew/        https://.hostname.com:2083/cpsess9242804887/3rdparty/phpMyAdmin/db_qbe.php?db=xxxxxx_db&token=54b8bcda6e5747a0e27e9df6751f8030
                    
                    
                    
                    
                    
                     Showing rows 0 -  0 (1 total, Query took 0.0010 seconds.)
                    
                    SELECT * FROM routenew WHERE name='contact-us';
                    
                    
                    
                    15    contact-us    NULL    contact-us    contact-us    vB5_Route_Page    page    index        a:1:{s:6:"pageid";s:1:"5";}    5    vbulletin    vbulletin-4ecbdacd6a6f13.66635713    NULL

                    Comment

                    • Wayne Luke
                      vBulletin Technical Support Lead
                      • Aug 2000
                      • 73981

                      #12
                      That looks correct. I suggest upgrading, as a race condition could make the variable incorrect in a specific rendering of the page.

                      Comment

                      • Craig
                        Senior Member
                        • Jan 2008
                        • 996
                        • 6.X

                        #13
                        Resolved via 5.5.0 upgrade.

                        Comment
