CSRF Check Failed
-
Greetings,
While actively working in pfSense, I received the error 'CSRF Check Failed' Session may have timed out or my browser does not have cookies enabled.
There was a Try again button and the 'Debug:' listed below.
Debug: sid:d92d75b20fdcc0ebb91c47efbfce1308c6bde02c,1435766649
Any thoughts as to why this is happening?
Also, here is the latest bit of Syslog:
Jul 1 11:08:16 kernel: pid 60457 (filterdns), uid 0: exited on signal 11 (core dumped)
Jul 1 11:04:28 php-fpm[67988]: /firewall_aliases_edit.php: Successful login for user 'dogpound' from: xx.xx.xx.xx
Jul 1 11:04:28 php-fpm[67988]: /firewall_aliases_edit.php: Successful login for user 'dogpound' from: xx.xx.xx.xx
Jul 1 11:04:25 check_reload_status: Reloading filter
Jul 1 11:04:25 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 1 11:04:25 check_reload_status: Restarting ipsec tunnels
Jul 1 11:04:25 check_reload_status: updating dyndns GW_WAN
Jul 1 11:04:25 check_reload_status: Reloading filter
Jul 1 11:04:25 check_reload_status: Restarting OpenVPN tunnels/interfaces
Jul 1 11:04:25 check_reload_status: Restarting ipsec tunnels
Jul 1 11:04:25 check_reload_status: updating dyndns GW_WAN
Jul 1 11:03:20 check_reload_status: Reloading filter
Jul 1 11:03:19 php-fpm[58730]: /rc.filter_synchronize: Nothing has been configured to be synched. Skipping....
Jul 1 11:03:17 check_reload_status: Syncing firewall
Jul 1 11:00:14 php-fpm[29089]: /rc.filter_synchronize: Nothing has been configured to be synched. Skipping....
Jul 1 11:00:13 check_reload_status: Syncing firewall
Jul 1 11:00:09 php-fpm[30307]: /xmlrpc.php: Disallowing CARP sync loop
Jul 1 11:00:09 php-fpm[94970]: /xmlrpc.php: Disallowing CARP sync loop
Jul 1 11:00:00 php: pfblockerng.php: [pfBlockerNG] Starting sync process.
Jul 1 10:45:01 php: snort_check_cron_misc.inc: [Snort] Automatic clean-up of Snort logs completed.
Jul 1 10:45:01 php: snort_check_cron_misc.inc: [Snort] Restarting logging on WAN (igb1)...
Jul 1 10:45:01 php: snort_check_cron_misc.inc: [Snort] Truncating logs for WAN (igb1)...
Jul 1 10:45:01 php: snort_check_cron_misc.inc: [Snort] Truncating the Rules Update Log file...
Jul 1 10:45:01 php: snort_check_cron_misc.inc: [Snort] Log directory size exceeds configured limit of 129 MB set on Global Settings tab. All Snort log files will be truncated.
Jul 1 10:00:14 php-fpm[12838]: /rc.filter_synchronize: Nothing has been configured to be synched. Skipping....
Jul 1 10:00:13 php-fpm[93669]: /xmlrpc.php: Disallowing CARP sync loop
Jul 1 10:00:13 check_reload_status: Syncing firewall
Jul 1 10:00:09 php-fpm[40575]: /xmlrpc.php: Disallowing CARP sync loop
Jul 1 10:00:00 php: pfblockerng.php: [pfBlockerNG] Starting sync process.
Thanks for the postings!
Dino
-
Usually when you have a page sitting there for a long time before trying to submit it. If not that, something in your browser cache or cookies is screwy; clear your browser cache and try again. Clear cookies if that doesn't suffice.
-
Exact same problem here.
Is there any way to increase the session timeout (to a few hours maybe) or completely disable this 'CSRF Check' feature?
I like to always leave a tab open (in Chrome) so that I can quickly check WAN traffic graphs, and this error is getting too annoying.
Also, I'm not sure if this feature is working properly here, because it happens even when hitting the browser refresh button and after logging on again on pfSense's web interface (!).
As per Chrome's content settings (see attachment), the session cookie is properly set, but it does not seem to be working.
-
The default session timeout value is 240 mins if it hasn't been changed.
-
That's the session cookie, no relation to CSRF checks. You can leave traffic graph pages/dashboard/anything else up indefinitely without hitting CSRF checks if you're not trying to save a config change.
-
Thanks, cmb.
Could you provide further info on this CSRF Check technique or provide us with a link to documentation? I would like to understand the reasons behind its implementation on pfSense.
-
https://github.com/pfsense/pfsense/blob/RELENG_2_2/usr/local/www/guiconfig.inc
https://github.com/pfsense/pfsense/tree/RELENG_2_2/usr/local/www/csrf
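-
Added example, not part of the thread and not pfSense's own code: a Python model of a session-bound, timestamped form token in the 'sid:<hash>,<time>' shape of the Debug string above, showing how saving a form can fail the check while the login session is still valid. The HMAC-SHA1 construction, the secret, the session ids and the 2-hour token lifetime are assumptions for illustration; the code linked above may differ.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone

# Assumed values for illustration; not read from pfSense.
TOKEN_LIFETIME = 2 * 60 * 60      # token validity window in seconds (assumption)
SESSION_LIFETIME = 240 * 60       # GUI session timeout quoted in the thread
TOKEN_RE = re.compile(r"^sid:([0-9a-f]{40}),(\d+)$")


def issue_token(secret: bytes, session_id: str, now: int) -> str:
    """Build a 'sid:<sha1 hex>,<unix time>' token bound to one session."""
    mac = hmac.new(secret, f"{session_id}|{now}".encode(), hashlib.sha1)
    return f"sid:{mac.hexdigest()},{now}"


def check_token(secret: bytes, session_id: str, token: str, now: int) -> str:
    """Return 'ok' or the reason a form submission would be rejected."""
    m = TOKEN_RE.match(token)
    if not m:
        return "malformed"
    issued = int(m.group(2))
    expected = issue_token(secret, session_id, issued)
    if not hmac.compare_digest(expected, token):
        return "session-mismatch"   # token was minted for a different session
    if now - issued > TOKEN_LIFETIME:
        return "expired"            # page sat open too long before submit
    return "ok"


def issued_at(token: str) -> datetime:
    """Decode the issue time carried in the token's second field."""
    m = TOKEN_RE.match(token)
    if not m:
        raise ValueError("not a sid:<hash>,<time> token")
    return datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)


if __name__ == "__main__":
    secret, t0 = b"constructed-secret", 1_435_766_649   # constructed inputs
    tok = issue_token(secret, "sess-A", t0)
    three_hours = 3 * 3600
    assert three_hours < SESSION_LIFETIME               # session still alive
    print(check_token(secret, "sess-A", tok, t0 + 600))          # ok
    print(check_token(secret, "sess-A", tok, t0 + three_hours))  # expired
    print(check_token(secret, "sess-B", tok, t0 + 600))          # session-mismatch
    # Issue time of the Debug token quoted in the first post
    print(issued_at("sid:d92d75b20fdcc0ebb91c47efbfce1308c6bde02c,1435766649"))
```

In this model the token is only checked when a form is submitted, so a page that is merely displayed or refreshed never reaches check_token.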