View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 0
IDProjectCategoryView StatusDate SubmittedLast Update
03680Bug reportsSurvey editingpublic2009-09-14 13:462010-07-01 17:12
ReporterMazi Assigned Toc_schmitz  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version1.85+ 
Fixed in Version1.85+ 
Summary03680: Improve CSRF security alert to let users know what might cause the error
Description

A lot of users are irritated by the current CSRF security alert:
"Access denied!

Security alert: Someone may be trying to use your LimeSurvey session (CSRF attack suspected). If you just clicked on a malicious link, please report this to your system administrator."

Please add some explanations what might have caused the error.

Additional Information

IRC log:
[13:36] Mazi: it's just that users are irritated by those messages
[13:36] Mazi: I have had the same problem with these messages opping up and I also didn't know what caused it
[13:37] c_schmitz: it is caused when you work in several windows at the same time
[13:37] c_schmitz: and try to save things
[13:37] Mazi: that's a good hint. maybe we should add some explanation to this message
[13:38] Mazi: if users don't know what caused this they might fear a real attack

TagsNo tags attached.
Bug heat0
Complete LimeSurvey version number (& build)7610
I will donate to the project if issue is resolved
Browserall
Database type & versionMy Sql 5.1.30
Server OS (if known)Win XP Sp 3
Webserver software & version (if known)Apache 2.2
PHP Version5.2

Users monitoring this issue

There are no users monitoring this issue.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2009-09-14 13:46 Mazi New Issue
2009-09-14 13:46 Mazi Status new => assigned
2009-09-14 13:46 Mazi Assigned To => user372
2009-09-14 13:46 Mazi Build Number => 7610
2009-09-14 13:46 Mazi Browser => all
2009-09-14 13:46 Mazi Database & DB-Version => My Sql 5.1.30
2009-09-14 13:46 Mazi Operating System (Server) => Win XP Sp 3
2009-09-14 13:46 Mazi Webserver => Apache 2.2
2009-09-14 13:46 Mazi PHP Version => 5.2
2009-09-14 13:46 Mazi Assigned To user372 => c_schmitz
2009-09-16 01:10 c_schmitz Status assigned => resolved
2009-09-16 01:10 c_schmitz Fixed in Version => 1.85+
2009-09-16 01:10 c_schmitz Resolution open => fixed
2009-09-22 00:58 c_schmitz Status resolved => closed
2010-07-01 17:12 user8615 Issue Monitored: user8615
2010-10-25 00:17 c_schmitz Category Survey Design => Survey design
2019-11-01 17:25 c_schmitz Category Survey design => Survey editing