Bug #71582
closed
TYPO3 7.6 LTS returns security token validation error almost every time
Description
Hey there!
I'm not sure, but I think I found a bug in the latest 7.6 LTS with my server configuration, so my fresh installations (without any extensions) are unable to interact in the backend. Almost every time I try to submit a backend form, I get an error because of the security token. I tried to fix it with the following methods, but they had no effect:
- Reinstall that instance
- (Re-)Login and out
- Fix "max_input_vars" in php to "5000"
- Clear all caches
I will be able to give root access to that, so someone could get direct view if desired. See picture for details of that error.
Interesting notices: No PHP or access errors are logged - same in ../typo3temp/logs. Not any kind of feedback neither in the ui nor in the typo3 logs. No errors in the install tool.
Is there anybody from CoreDev who can help me?
Server configurations:
Webserver Apache/2.4.10 (Debian)
PHP Version 5.6.14-0+deb8u1
Database 5.5.46-0+deb8u1
Application Context Production
Operating System Linux 3.16.0-4-amd64
Nico
Updated by Tom Warwick about 9 years ago
Getting exactly the same problem 7.5 > 7.6
No third party extensions installed.
Server configurations:
Webserver Apache/2.4.16 (FreeBSD)
PHP Version 5.6.14
Database 5.5.26
Application Context Production
Operating System FreeBSD 10.2-RELEASE
Updated by Nico Wellner about 9 years ago
We found out that we are also having problems with File-Uploads.
Again, after hours of checking Apache2, PHP, etc., we decided to delete Apache2 and work with nginx.
Now, this error doesn't appear anymore - also File-Uploads are working!
We don't know why, but our Apache2 has had a malfunction.
BUT - Besides the fact that it finally works with nginx, I maintain that it couldn't be the solution NOT to use Apache2.
What do you all mean?
Kind regards,
Nico
Updated by Helmut Hummel almost 9 years ago
- Status changed from New to Needs Feedback
You're saying that you have no issues with TYPO3 7.5 on the same server?
I investigated a server recently and on that box $_POST requests were randomly discarded (plain PHP script without any TYPO3 involved). In such an environment TYPO3 of course cannot function properly.
The question is whether you face similar issues here or not.
Updated by Helmut Hummel almost 9 years ago
Here is an example curl request you can test:
curl 'http://your-server.tld/test.php?M=user_setup&moduleToken=1b9047ae59a852bd3158019ed38d612c342bda67' \
  -H 'Cookie: be_lastLoginProvider=1433416747; PHPSESSID=pamp04afm2d46m6k57agm309k1; be_typo_user=559ddca68304a1a26ee948870461bf19; Typo3InstallTool=ni98ca552e62ajkeergvo11q16' \
  -H 'Origin: http://t6-001.ternum-dev.de' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36' \
  -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6OOg3F3POrOky32q' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' \
  -H 'Cache-Control: max-age=0' \
  -H 'Referer: http://t6-001.ternum-dev.de/typo3/index.php?M=user_setup&moduleToken=1b9047ae59a852bd3158019ed38d612c342bda67' \
  -H 'Connection: keep-alive' \
  --data-binary $'------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[save]"\r\n\r\n1\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[be_users][realName]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[be_users][email]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[be_users][avatar]"\r\n\r\n0\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[lang]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[be_users][passwordCurrent]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[be_users][password]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[be_users][password2]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[startModule]"\r\n\r\nhelp_AboutmodulesAboutmodules\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[thumbnailsByDefault]"\r\n\r\non\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[titleLen]"\r\n\r\n50\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[edit_RTE]"\r\n\r\non\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[edit_docModuleUpload]"\r\n\r\non\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[resizeTextareas_MaxHeight]"\r\n\r\n500\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[copyLevels]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[rteWidth]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[rteHeight]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[rteMaxHeight]"\r\n\r\n\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[rteCleanPasteBehaviour]"\r\n\r\nplainText\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="simUser"\r\n\r\n0\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="formToken"\r\n\r\n1adcee0bc7fcb29b291a9037887c6fb16e027174\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[save]"\r\n\r\n1\r\n------WebKitFormBoundary6OOg3F3POrOky32q\r\nContent-Disposition: form-data; name="data[setValuesToDefault]"\r\n\r\n0\r\n------WebKitFormBoundary6OOg3F3POrOky32q--\r\n' \
  --compressed
Please make sure to adapt the path
http://your-server.tld/test.php
The contents of this file are just:
<?php var_dump($_POST);
The server I tested for Nico discarded parts of the $_POST vars, which is the severe error condition I mentioned above.
I have no idea what can cause such errors, maybe a devops or ops person can help out here, but in this case we cannot do anything in TYPO3 to fix such a broken setup.
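The check described in the comment above can be repeated and scored automatically, which helps when fields are only dropped on some requests. This script is an added example, not part of the ticket and not TYPO3 code: it posts numbered multipart fields to the one-line var_dump($_POST) script and lists the names that did not arrive. The probe_NN field names and all function names are hypothetical, and it assumes plain (non-Xdebug) var_dump output.

```shell
# Added diagnostic (not from the ticket). Assumes test.php is the one-line
# var_dump($_POST) script and returns plain, non-Xdebug var_dump output.

# Names of the probe fields (constructed): probe_01 .. probe_NN.
probe_fields() {
  i=1
  while [ "$i" -le "$1" ]; do
    printf 'probe_%02d\n' "$i"
    i=$((i + 1))
  done
}

# Array keys found in var_dump($_POST) output read from stdin.
received_fields() {
  sed -n 's/^ *\["\([^"]*\)"]=>.*/\1/p'
}

# Print probe names that were sent ($1 = count) but are absent from stdin.
missing_fields() {
  got=$(received_fields)
  probe_fields "$1" | while read -r name; do
    printf '%s\n' "$got" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# POST $2 fields as multipart/form-data to URL $1 and print the response body.
send_probe() {
  url=$1
  fields=$(probe_fields "$2")
  set --
  for name in $fields; do set -- "$@" -F "$name=x"; done
  curl -sS "$@" "$url"
}

# Repeat the probe $3 times, since the loss reported in the ticket was random.
check_server() {
  round=1; bad=0
  while [ "$round" -le "$3" ]; do
    lost=$(send_probe "$1" "$2" | missing_fields "$2")
    [ -z "$lost" ] || { bad=$((bad + 1)); echo "round $round lost:" $lost; }
    round=$((round + 1))
  done
  echo "$bad of $3 requests lost POST fields"
}

# Constructed response with probe_03 dropped, used when no URL is given.
sample_response() {
  printf 'array(3) {\n  ["probe_01"]=>\n  string(1) "x"\n  ["probe_02"]=>\n  string(1) "x"\n  ["probe_04"]=>\n  string(1) "x"\n}\n'
}
if [ -n "$1" ]; then check_server "$1" "${2:-40}" "${3:-20}"; else sample_response | missing_fields 4; fi
```

With a URL as first argument it sends 40 fields 20 times by default; with no argument it only evaluates the embedded sample response.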
Updated by Riccardo De Contardi over 8 years ago
- Status changed from Needs Feedback to Closed
No feedback within the last 90 days => closing this issue.
If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.
You could also join the #typo3-cms channel in Slack if you still need support.
Thank you
Updated by Tom Warwick over 8 years ago
I eventually found a fix for this.
In my case, I completely emptied /typo3temp and the problem was resolved straight away.
Hope this is of use.