View Issue Details

IDProjectCategoryView StatusLast Update
0026275mantisbtauthorizationpublic2019-11-19 04:51
Reportertraynaud Assigned To 
Status newResolutionopen 
OSwindowsOS Version10 
Product Version2.1.0 
Summary0026275: ERROR 403 Forbidden on Chrome and Firefox cause of cookies

Many times a day we have this error.
We try to analyse but the problem seems to be link to cookies.
Working in same times with Mantis and a Prima solution web app reproduce systematically this error.
We suppose that there is a conflict between their owns cookies

TagsNo tags attached.




2019-10-16 08:52


capture.jpg (1,066,506 bytes)


2019-10-16 12:28

developer   ~0062985

The provided information is not sufficient to provide any help in resolving the issue. A complete and detailed description is required for the support team to get a clear understanding of the problem, starting with the URL being accessed that is throwing the 403 error. Your screenshot does not help at all.

Note that Mantis 2.1.0 is nearly 3 years old. I strongly recommend that you upgrade to the latest release. At least you need to confirm that the problem can be reproduced in 2.22.1.

Please explain what you do, what are the results you expect to get and what you actually get.

Also provide detailed, step-by-step instructions to reproduce the issue; the additional information listed below may also be useful:

  • Exact version of MantisBT, PHP, Database, Web server, Browser and Operating System
  • Relevant customizations (e.g. changes in config_inc.php, etc)
  • Installed plugins or custom functions ?
  • Was the MantisBT source code modified in any way ?


2019-10-17 08:52

reporter   ~0062989

Sorry for missing informations :

Infos Server OS:
cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID_LIKE="rhel fedora"
PRETTY_NAME="CentOS Linux 7 (Core)"


uname -r

Infos Mantis:

Version de MantisBT 2.1.0
Version du schéma 209
Chemin du site /var/www/html/mantisbt-2.1.0/
Chemin du répertoire principal /var/www/html/mantisbt-2.1.0/core/
Chemin des plugins /var/www/html/mantisbt-2.1.0/plugins/

Greffon Description Dépendances Priorité Protégé Actions
Avatars via Gravatar 2.1.0 Description
Auteur : Victor Boctor
Site web : MantisBT Core 2.0.0

Email Reporting 0.10.0 Offers the functionality to add issues and notes by email.
Auteur : Indy and various people after him.
Site web : MantisBT Core 1.3.0, <2.99.99

Formatage de MantisBT 2.1.0 Plugin officiel de traitement et de formatage du texte.
Auteur : MantisBT Team
Site web : MantisBT Core 2.1.0

Graphiques Mantis 2.1.0 Plugin de graphiques officiel.
Auteur : MantisBT Team
Site web : MantisBT Core 2.0.0

MantisBT Core 2.1.0 Core Plugin API for the Mantis Bug Tracker.
Auteur : MantisBT Team
Site web : Aucune dépendance
MantisStats 2.4.0 Plugin de la statistique pour MantisBT
Auteur : Avetis Avagyan
Site web : MantisBT Core 2.0.0

Greffon Description Dépendances Actions
Importer / Exporter des bugs 2.1.0 Permet d'importer et exporter des fichiers au format XML compatible avec MantisBT.
Auteur : MantisBT Team
Site web : MantisBT Core 2.0.0
MantisBT Markdown 1.1.2 Markdown processing plugin.
Auteur : Frank Bültge
Site web : MantisBT Core 1.2.0
Formatage de MantisBT 1.0a

Infos php :

php --version
PHP 5.4.16 (cli) (built: Oct 30 2018 19:30:51)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

Browsers version :
Google chrome 72.0.3626.109
Firefox ESR 68.1.0

In google chrome there this message in console "Active resource loading counts reached a per-frame limit while the tab was in background. Network requests will be delayed until a previous loading finishes, or the tab is brought to the foreground. See for more details"

Mantis Forbidden.png (31,582 bytes)   
Mantis Forbidden.png (31,582 bytes)   


2019-10-17 09:10

reporter   ~0062991

I find two config files

config_inc.php (47 bytes)   
config_inc.php (47 bytes)   


2019-10-17 09:32

developer   ~0062992

@traynaud I deleted your custom config file, as it contained a lot of sensitive information (passwords, crypto salt, etc). I strongly suggest you immediately change these passwords since they have potentially been compromised. Feel free to upload the file again, after removing anything that should not be available on a public web site.



2019-10-17 09:32

developer   ~0062993

Last edited: 2019-10-17 09:34

View 2 revisions

confirm that the problem can be reproduced in 2.22.1.

You have not responded on that

Please check also, if problem persists without any 3rd party plugins (i.e. uninstall Email Reporting , MantisStats, MantisBT Markdown)

PHP 5.4.16

Please note that we require PHP 5.5 or later (although this is unlikely to be causing the problem you're facing)

You may also want to check if there is anything in the webserver / PHP logs.



2019-10-17 10:38

reporter   ~0062995

We can't upgrade because we are using squash test and the compatibility is compromise for us after this version of mantis



2019-10-17 10:41

reporter   ~0062996

I'm asking for PHP updating



2019-10-17 10:57

developer   ~0062997

Last edited: 2019-10-17 10:58

View 2 revisions

We can't upgrade

It's your decision. Just consider 47 security issues fixed since 2.1.0...

Also you need to demonstrate that the problem is reproducible in the latest release, because we don't support 2.1.0 anymore.



2019-10-17 11:24

reporter   ~0063000

Can you change the visibility of the ticket to private ?



2019-10-17 11:32

developer   ~0063002

Can you change the visibility of the ticket to private ?

I could, but don't see the point - I already removed the file.



2019-10-17 11:41

reporter   ~0063003

Thank's you a lot for this fast removing
But it's a request of my hierarchy



2019-10-17 11:55

developer   ~0063004

Well I'm sorry but this is a public support channel for open-source software, and our policy is to leave everything visible for the benefits of the community. I'm willing to selectively edit out or remove other sensitive data as necessary if you tell me what it is, but not to hide the whole issue.



2019-10-18 01:41

reporter   ~0063006

we have the same issue in some specific conditions. We are on 2.22.1 version.
Steps to reproduce it:

  1. Report Issue
  2. Set Summary: Why mantis throw 403 ?
  3. Set Description: Why mantis throw 403 ?
  4. Submit Issue
  5. Edit
  6. Set Status: Resolved
  7. Set Resolution: No change required
  8. Update information
  9. Receive 403 [Forbidden] to bug_update.php


2019-10-18 03:27

reporter   ~0063007

Hi dregad,
I understood and agree with your policy
I'll send more carefully informations from now on

Thank's you mtulodzi for your example



2019-11-19 04:25

reporter   ~0063111

Last edited: 2019-11-19 04:51

View 3 revisions


It seems we have an issue with Dynatrace. In fact, Dynatrave creates a dtSa cookie. When it's populated, we have the 403 error, each time. The domains used by Dynatrace an Mantis are the same.

We are actually testing this issue by configuring Dynatrace not to create this cookie (See attached image to do this). I'll keep you informed.

Additional information to access this parameter :
disable dtSa cookie (enable debug mode (CTRL+SHIFT+F9 and see how below) - dtSa cookie is used to track so-called "delayed user actions" (e.g. a click on 1 page results in another page being loaded) if we can't use browser's localstorage to persist this info. The consequence of disabling the cookie is that such delayed user actions will not longer be reported.

disable-dtsacookie.png (152,639 bytes)   
disable-dtsacookie.png (152,639 bytes)   

Issue History

Date Modified Username Field Change
2019-10-16 08:52 traynaud New Issue
2019-10-16 08:52 traynaud File Added: capture.jpg
2019-10-16 12:28 dregad Status new => feedback
2019-10-16 12:28 dregad Note Added: 0062985
2019-10-17 08:52 traynaud Note Added: 0062989
2019-10-17 08:52 traynaud File Added: Mantis Forbidden.png
2019-10-17 08:52 traynaud Status feedback => new
2019-10-17 09:10 traynaud Note Added: 0062991
2019-10-17 09:10 traynaud File Added: config_inc.php
2019-10-17 09:10 traynaud File Added: custom_config_inc.php
2019-10-17 09:25 dregad File Deleted: custom_config_inc.php
2019-10-17 09:32 dregad Note Added: 0062992
2019-10-17 09:32 dregad Note Added: 0062993
2019-10-17 09:34 dregad Note Edited: 0062993 View Revisions
2019-10-17 09:35 dregad Status new => feedback
2019-10-17 09:35 dregad Note View State: 0062992: public
2019-10-17 10:38 traynaud Note Added: 0062995
2019-10-17 10:38 traynaud Status feedback => new
2019-10-17 10:41 traynaud Note Added: 0062996
2019-10-17 10:57 dregad Note Added: 0062997
2019-10-17 10:58 dregad Note Edited: 0062997 View Revisions
2019-10-17 11:24 traynaud Note Added: 0063000
2019-10-17 11:32 dregad Note Added: 0063002
2019-10-17 11:41 traynaud Note Added: 0063003
2019-10-17 11:55 dregad Note Added: 0063004
2019-10-18 01:41 mtulodzi Note Added: 0063006
2019-10-18 03:27 traynaud Note Added: 0063007
2019-11-19 04:25 arouillere Note Added: 0063111
2019-11-19 04:25 arouillere File Added: disable-dtsacookie.png
2019-11-19 04:48 arouillere Note Edited: 0063111 View Revisions
2019-11-19 04:51 arouillere Note Edited: 0063111 View Revisions