cconard96
commented
2 years ago The access log indicates the CSRF token expired. By default, it's only valid for 2 hours. It is only refreshed on a full page refresh.
Closed ehrhart-jy-vig closed 2 years ago
cconard96
commented
2 years ago The access log indicates the CSRF token expired. By default, it's only valid for 2 hours. It is only refreshed on a full page refresh.
ehrhart-jy-vig
commented
2 years ago Is there a way to extend the validity of the token ?
cconard96
commented
2 years ago You can have a local_define.php file in GLPI's config directory to override any constants defined in inc/based_config.php including GLPI_CSRF_EXPIRES which controls how long the tokens are valid for in seconds.
Example:
<?php
if (!defined('GLPI_CSRF_EXPIRES')) {
define('GLPI_CSRF_EXPIRES', 7200);
}
cedric-anne
commented
2 years ago I wonder if all the data passed in the corresponding request could be computed directly on server side. In this case, we could use a GET query, and it would not be affected by CSRF token expiration.
cconard96
commented
2 years ago If I recall correctly, a POST is used because there is way more data being sent to the server than can be handled in the query parameter string.
ehrhart-jy-vig
commented
2 years ago I created a file /var/www/glpi/config/local_define.php and copied the code you told me, with 12 hours of validity. It works well, thanks !
Code of Conduct
Is there an existing issue for this?
Version
10.0.3
Bug description
Hello, We have some issues with the counters display in the view tickets (/front/ticket.php). When the autorefresh is set on, with 1 minute refresh rate (not tested with other values), after a while the indicators display an exclamation mark. In the /var/www/glpi/files/_log/access-errors.log file there is some errors.
Relevant log output
Page URL
No response
Steps To reproduce
No response
Your GLPI setup information
Informations sur le système, l'installation et la configuration
Server
Operating system: Linux 5.15.0-48-generic #54-Ubuntu SMP Fri Aug 26 13:26:29 UTC 2022 x86_64 PHP 8.1.10 apache2handler (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, bz2, calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imap, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, readline, session, shmop, snmp, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib) Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files" upload_max_filesize="2M" Software: Apache/2.4.52 (Ubuntu) (Apache/2.4.52 (Ubuntu) Server at support-informatique Port 443 ) Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Server Software: (Ubuntu) Server Version: 8.0.30-0ubuntu0.22.04.1 Server SQL Mode: STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION Parameters: glpiuser@localhost/glpi Host info: Localhost via UNIX socket PHP version (8.1.10) is supported. Sessions configuration is OK. Allocated memory is sufficient. mysqli extension is installed. Following extensions are installed: dom, fileinfo, json, simplexml. curl extension is installed. gd extension is installed. intl extension is installed. libxml extension is installed. zlib extension is installed. The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present. Database engine version (8.0.30) is supported. The log file has been created successfully. Write access to /var/www/glpi/files/_cache has been validated. Write access to /var/www/glpi/config has been validated. Write access to /var/www/glpi/files/_cron has been validated. Write access to /var/www/glpi/files has been validated. Write access to /var/www/glpi/files/_dumps has been validated. Write access to /var/www/glpi/files/_graphs has been validated. Write access to /var/www/glpi/files/_lock has been validated. Write access to /var/www/glpi/files/_pictures has been validated. Write access to /var/www/glpi/files/_plugins has been validated. Write access to /var/www/glpi/files/_rss has been validated. Write access to /var/www/glpi/files/_sessions has been validated. Write access to /var/www/glpi/files/_tmp has been validated. Write access to /var/www/glpi/files/_uploads has been validated. Web access to the files directory should not be allowed but this cannot be checked automatically on this instance. Make sure access to error log file (/files/_log/php-errors.log) is forbidden; otherwise review .htaccess file and web server configuration. Sessions configuration is secured. exif extension is installed. ldap extension is installed. openssl extension is installed. zip extension is installed. bz2 extension is installed. Zend OPcache extension is installed. Following extensions are installed: ctype, iconv, mbstring, sodium. Write access to /var/www/glpi/marketplace has been validated. Timezones seems loaded in database.GLPI constants
Libraries
LDAP directories
SQL replicas
Notifications
Plugins list
addressing Name: Adressage IP Version: 3.0.1 State: Enabled Install Method: Manual fields Name: Champs supplémentaires Version: 1.17.3 State: Enabled Install Method: Manual behaviors Name: Comportements Version: 2.7.1 State: Enabled Install Method: Manual accounts Name: Comptes Version: 3.0.2 State: Enabled Install Method: Manual printercounters Name: Compteurs Imprimantes Version: 2.0.0 State: Enabled Install Method: Manual formcreator Name: Form Creator Version: 2.13.1 State: Enabled Install Method: Manual glpiinventory Name: GLPI Inventory Version: 1.0.4 State: Enabled Install Method: Manual pdf Name: Impression pdf Version: 2.1.0 State: Enabled Install Method: Manual notifications Name: Notifications Version: 9.5+1.0 State: Enabled Install Method: Manual oauthimap Name: Oauth IMAP Version: 1.4.1 State: Enabled Install Method: Manual ocsinventoryng Name: OCS Inventory NG Version: 2.0.1 State: Installed / not activated Install Method: ManualAnything else?
No response