Customer Can't Log In. Getting Denied CSRF Attack

 
  • mrmem
  • Member
  • Members
  • Join Date: 13-Jul 09
  • 89 posts

Posted 16 December 2017 - 02:00 PM #1

He is getting a message DENIED CSRF ATTACK using Internet Explorer trying to log in.

He did manage to log in with Chrome but said no orders or reward points showed up with Chrome.

Odd thing is, looking at my logs I don't show him attempting to or logging in.



 

Posted 18 December 2017 - 06:53 AM #2

Do you reproduce the same issue? This message appears if the security_hash parameter is missing in the request or if it does not match the one that is saved in the store.

 



Sincerely yours, CS-Cart Support Team

 



 
  • mrmem
  • Member
  • Members
  • Join Date: 13-Jul 09
  • 89 posts

Posted 19 December 2017 - 03:38 PM #3

Hi

I'm able to log in with his ID and password from my end.



 
  • demeldoo
  • Senior Member
  • Members
  • Join Date: 27-Jul 12
  • 918 posts

Posted 19 December 2017 - 08:08 PM #4

Why is there such an error message created? Can't it be some kind of code or something? Never saw this on some large sites which have been compromised lately (PayPal, Dropbox and so on). It's scary to present this to the public.

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 10670 posts

Posted 19 December 2017 - 10:37 PM #5

My guess is that the customer has bookmarked a URL that expects a SESSION key versus the homepage of the site where a SESSION key will be generated.

  

Email the URL of the homepage to replace their bookmark.

 

Regarding the message, it should probably go to a 403 page instead of the internal error message, and the internal error should be logged to the site log.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.
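
The check described in post #2 (security_hash missing or not matching the stored value) combined with the handling suggested in post #5 (a 403 for the visitor, the internal reason in the site log), as an added example that is not CS-Cart's own code. The function names, the session array layout, the log format and the visitor-facing wording are all assumptions made for illustration.

```php
<?php
// Added illustration, not CS-Cart source. All names here are hypothetical.

// Issue one random token per session; forms embed it as security_hash.
function issue_security_hash(array &$session): string
{
    if (empty($session['security_hash'])) {
        $session['security_hash'] = bin2hex(random_bytes(16));
    }
    return $session['security_hash'];
}

// Returns [http_status, public_message]. The precise reason goes only to the log.
function check_security_hash(array $session, array $request, callable $log): array
{
    $expected = $session['security_hash'] ?? '';
    $supplied = $request['security_hash'] ?? null;

    if (!is_string($supplied) || $supplied === '') {
        $reason = 'security_hash missing from request';
    } elseif ($expected === '') {
        $reason = 'no security_hash in session (new or expired session)';
    } elseif (!hash_equals($expected, $supplied)) { // constant-time comparison
        $reason = 'security_hash does not match session value';
    } else {
        return [200, 'OK'];
    }

    // Strip control characters so a crafted User-Agent cannot forge log lines.
    $ua = preg_replace('/[^\x20-\x7E]/', '?', (string) ($request['user_agent'] ?? '-'));
    $log(sprintf('CSRF check failed: %s; ip=%s ua="%s"', $reason, $request['ip'] ?? '-', $ua));

    return [403, 'Your session has expired. Please reload the page and try again.'];
}

// Constructed sample requests (addresses are from the documentation range).
$session = [];
$token = issue_security_hash($session);
$log = function (string $line): void { error_log($line); };

$cases = [
    'valid form post'        => ['security_hash' => $token, 'ip' => '203.0.113.7'],
    'stale bookmark'         => ['ip' => '203.0.113.7', 'user_agent' => "MSIE 11\r\nfake entry"],
    'token from old session' => ['security_hash' => str_repeat('0', 32), 'ip' => '203.0.113.7'],
];
foreach ($cases as $name => $request) {
    [$status, $message] = check_security_hash($session, $request, $log);
    echo "$name => $status $message\n";
}
```

Logging each rejection with its reason also gives the store owner a trace of failed attempts like the one missing from the logs in post #1.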