Customer Can't Log In. Getting Denied CSRF Attack

He is getting a message DENIED CSRF ATTACK using Internet Explorer trying to log in.

He did manage to log in with Chrome but said no orders or reward points showed up with Chrome.

Odd thing is, looking at my logs, I don't show him attempting to or logging in.

Do you reproduce the same issue? This message appears if the security_hash parameter is missing in the request or if it does not match the one that is saved in the store.

Hi

I'm able to log in with his ID and password from my end.

Why is there such an error message created? Can't it be some kind of code or something? Never saw this on some large sites which have been compromised lately (PayPal, Dropbox and so on). It's scary to present this to the public.

My guess is that the customer has bookmarked a URL that expects a SESSION key versus the homepage of the site where a SESSION key will be generated.

Email them the URL of the homepage to replace their bookmark.

Regarding the message, it should probably go to a 403 page instead of the internal error message and the internal error should be logged to site log.
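
The check and the handling discussed in this thread, as an added example that is not code from the store software or from any poster: a request is denied when `security_hash` is absent or differs from the value saved for the session, the reason is written to the site log, and the visitor gets a generic 403. The function names, the dict-based session, the logger name and the message text are assumptions made for illustration.

```python
import hmac
import logging
import secrets
from typing import Optional, Tuple

log = logging.getLogger("store.csrf")  # hypothetical logger name


def issue_security_hash(session: dict) -> str:
    """Create the per-session token once and reuse it for later forms."""
    if "security_hash" not in session:
        session["security_hash"] = secrets.token_hex(16)
    return session["security_hash"]


def csrf_failure_reason(session: dict, params: dict) -> Optional[str]:
    """Return None if the request passes, else a short reason for the site log."""
    expected = session.get("security_hash")
    supplied = params.get("security_hash")
    if not expected:
        # Matches the stale-bookmark guess: the request arrived without a
        # session that ever had a token generated for it.
        return "no token saved for this session (new or expired session)"
    if not supplied:
        return "security_hash parameter missing from request"
    # Constant-time comparison on bytes, so arbitrary user input cannot
    # raise and timing does not reveal how much of the token matched.
    if not hmac.compare_digest(str(expected).encode(), str(supplied).encode()):
        return "security_hash does not match the saved value"
    return None


def handle_login_post(session: dict, params: dict, client_ip: str) -> Tuple[int, str]:
    """Run the token check before any credential handling."""
    reason = csrf_failure_reason(session, params)
    if reason is not None:
        # Detail goes to the site log; the visitor sees only a generic 403.
        log.warning("CSRF check failed ip=%s path=/login reason=%s", client_ip, reason)
        return 403, "Your session has expired. Please reload the page and try again."
    return 200, "token accepted"  # credential check would follow here


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    sess = {}
    token = issue_security_hash(sess)
    print(handle_login_post(sess, {"security_hash": token}, "203.0.113.5"))
    print(handle_login_post({}, {"security_hash": token}, "203.0.113.5"))
```

Because the denial is logged with the client address and reason, a failed attempt like the one described above would appear in the site log even though no login was recorded.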