invalid form security token error after completing new user registration
Posted: 13 Oct 2018, 15:01
When a new user registers an account on our MantisBT installation, they get the activation Email, click it and fill in the real name and password and then click "Update User". After doing this they are always presented with this error.
I found the below, which just suggests updating to the latest version, however our version is much newer than what was reported there.
https://mantisbt.org/forums/viewtopic.php?t=20595
The below link refers you to the admin manual.
https://mantisbt.org/bugs/view.php?id=14122
The admin manual refers to a PHP setting, gc_maxlifetime which it says defaults to 24 mins. That's way above the timeframe involved in my testing. As I said I'm clicking the link immediately when receiving it, spending a few seconds or so typing in the field values and then clicking Update User.
It also mentions the possibility of turning $g_form_security_validation off but then mentions that this would be a security risk.
I checked the related PHP settings. So it is the default of 24 mins which should be way higher than needed for what I experienced in my test.
VERSION INFO:
Apache 2.6.32
MySQL 5.6.39
PHP 5.6.36
MantisBT 2.17.1
I just reproduced this again myself and can confirm that timeout wouldn't be an issue, I got the Email, clicked the link, quickly typed in the info and clicked Update User. I also made sure that I wasn't doing it twice.APPLICATION ERROR #2800
Invalid form security token. This could be caused by a session timeout, or accidentally submitting the form twice.
...
I found the below, which just suggests updating to the latest version, however our version is much newer than what was reported there.
https://mantisbt.org/forums/viewtopic.php?t=20595
The below link refers you to the admin manual.
https://mantisbt.org/bugs/view.php?id=14122
The admin manual refers to a PHP setting, gc_maxlifetime which it says defaults to 24 mins. That's way above the timeframe involved in my testing. As I said I'm clicking the link immediately when receiving it, spending a few seconds or so typing in the field values and then clicking Update User.
It also mentions the possibility of turning $g_form_security_validation off but then mentions that this would be a security risk.
I checked the related PHP settings. So it is the default of 24 mins which should be way higher than needed for what I experienced in my test.
Has anyone conquered this one?session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
VERSION INFO:
Apache 2.6.32
MySQL 5.6.39
PHP 5.6.36
MantisBT 2.17.1