View Issue Details

IDProjectCategoryView StatusLast Update
0012871mantisbtauthenticationpublic2012-11-01 07:45
ReporterMario Splivalo Assigned Todregad  
Status closedResolutionunable to reproduce 
PlatformLinuxOSDebianOS Version5
Product Version1.2.4 
Summary0012871: Unable to request password reset - ERROR 2800

When I want to reset password, even for nonexistent user, after filling up the form and clicking on 'Submit' I get:

Invalid form security token. Did you submit the form twice by accident?

Steps To Reproduce

Go to lost_pwd_page.php
Enter any username/email combination (existing/nonexisting, doesn't matter)
Click Submit
See the error

TagsNo tags attached.


related to 0012381 closeddregad APPLICATION ERROR #2800 
related to 0013082 closeddregad Application 2800 Error When Reporting Issues 




2011-03-22 06:13

reporter   ~0028453

Does the client have cookies enabled?

Is the PHP session timeout (defined within php.ini) long enough (and working) between the time taken for the lost password page to be requested and when the form is submitted?

Mario Splivalo

Mario Splivalo

2011-03-22 11:26

reporter   ~0028457

Yeps, cookies are enabled.
PHP session timeout (I assume you think session.gc_maxlifetime) is set to 14400 seconds.

This is default debian apache/php installation.

From the time my browser rendered lost_pwd_page.php script and the time I pressed 'submit' there is maximum 10 seconds.



2012-03-20 06:01

reporter   ~0031496

As the notes in 0013082 state, the problem might be related to the usage of IE. I had one user that is using IE8, that had this problem. The error occured on Mantis 1.2.5 with PHP 5.2.11.

Deleting cookies and cache helped for her.



2012-04-16 11:27

reporter   ~0031669

Ok, it seems that deleting cookies and clearing cache did not help.

The problems occurs with IE and with Firefox. What makes it even worse, is, that she gets the same error when trying to login normally. Does anybody have an idea for me what to do?



2012-04-18 04:25

reporter   ~0031682

Some feedback for this: the user connected to Mantis with a wrong URL (e.g. IP/mantis instead of IP/Mantis). According to issue 0012438 I redirected these and other misspellings to the correct URL. After correcting the URL for the user to IP/Mantis, everything seems to work fine.

Unfortunately, I don't know if this is the only user that used an incorrect URL, as the server is redirecting as described. So I can't really determine if there is a connection between these two issues.



2012-10-19 05:25

developer   ~0033275

I was not able to reproduce this issue, including on IE8.

Did you try increasing session.gc_maxlifetime ? Is php session / garbage collection working properly ?

Issue History

Date Modified Username Field Change
2011-03-21 11:42 Mario Splivalo New Issue
2011-03-22 06:13 dhx Note Added: 0028453
2011-03-22 06:13 dhx Assigned To => dhx
2011-03-22 06:13 dhx Status new => feedback
2011-03-22 11:26 Mario Splivalo Note Added: 0028457
2011-03-22 11:26 Mario Splivalo Status feedback => assigned
2011-06-15 02:10 atrol Relationship added related to 0013082
2012-03-20 06:01 JanHegewald Note Added: 0031496
2012-04-16 11:27 JanHegewald Note Added: 0031669
2012-04-18 04:25 JanHegewald Note Added: 0031682
2012-10-19 05:21 dregad Relationship added related to 0012381
2012-10-19 05:25 dregad Note Added: 0033275
2012-10-19 05:25 dregad Status assigned => resolved
2012-10-19 05:25 dregad Resolution open => unable to reproduce
2012-10-19 05:25 dregad Assigned To dhx => dregad
2012-11-01 07:45 atrol Status resolved => closed