Closed ehrhart-jy-vig closed 2 years ago
The access log indicates the CSRF token expired. By default, it's only valid for 2 hours. It is only refreshed on a full page refresh.
Is there a way to extend the validity of the token ?
You can have a local_define.php
file in GLPI's config
directory to override any constants defined in inc/based_config.php
including GLPI_CSRF_EXPIRES
which controls how long the tokens are valid for in seconds.
Example:
<?php
if (!defined('GLPI_CSRF_EXPIRES')) {
define('GLPI_CSRF_EXPIRES', 7200);
}
I wonder if all the data passed in the corresponding request could be computed directly on server side. In this case, we could use a GET
query, and it would not be affected by CSRF token expiration.
If I recall correctly, a POST is used because there is way more data being sent to the server than can be handled in the query parameter string.
I created a file /var/www/glpi/config/local_define.php and copied the code you told me, with 12 hours of validity. It works well, thanks !
Code of Conduct
Is there an existing issue for this?
Version
10.0.3
Bug description
Hello, We have some issues with the counters display in the view tickets (/front/ticket.php). When the autorefresh is set on, with 1 minute refresh rate (not tested with other values), after a while the indicators display an exclamation mark. In the /var/www/glpi/files/_log/access-errors.log file there is some errors.
Relevant log output
Page URL
No response
Steps To reproduce
No response
Your GLPI setup information
Informations sur le système, l'installation et la configuration
Server
GLPI constants
Libraries
LDAP directories
SQL replicas
Notifications
Plugins list
Anything else?
No response