Do you reproduce the same issue? This message appears if security_hash parameter is missing in the request or if it does not match the one that is saved in the store
He is getting a message DENIED CSRF ATTACK using Internet Explorer trying to log in.
He did manage to log in with Chrone but said no orders or reward points showed up with chrome.
Odd thing is looking at my logs i dont show him attempting to or logging in.
Why is there such error message created? Can’t it be somekind code or something. Never saw this on some large sites which have been compromised lately (PayPal, Dropbox and so). Its scary to present this to public