View Issue Details

ID: 13761
Project: Bug reports
Category: [All Projects] Survey taking
View Status: public
Last Update: 2018-06-28 11:04
Reporter: riqcles
Assigned To: markusfluer
Status: assigned
Resolution: open
Product Version: 3.9.x
Target Version:
Fixed in Version:
Summary: 13761: CSRF error token - with IE 11

I encounter the problem of CSRF token which at the beginning was not easy to reproduce.

My default browser was Firefox.
When I tested my questionnaires before activation, or after activation, with or without invitations, no problem!

On the other hand, I had an update that set Internet Explorer as the default browser.

Steps To Reproduce

Here are the different scenarios to reproduce this error:

Prerequisites: a questionnaire with an invitation table (and guests lol).

  1. IE with a different Tab from LimeSurvey

If Internet Explorer is launched with a first tab other than a limesurvey page, the tests work (click on the link received in the invitation -> open a new tab.)

  2. IE with a Tab with LimeSurvey

If you have opened a tab by going to a questionnaire / or administration interface, using the link to participate in a questionnaire opens a new tab. If we start to answer the questionnaire, we will get the CSRF error message.

It will be necessary to close IE, then launch it again with NO tab in connection with limesurvey, before clicking on the link received in the invitation, to be able to answer the questionnaire.

  3. IE in default browser - NOT OPEN

If you click on the link received by invitation, IE will open and when you start to fill out the questionnaire, you will get the error message.

Tested on the following versions:
2.62.2 + 170203 -> KO
2.73.1 + 171220 -> KO
2.64.3 + 170327 -> KO

Version 3.9.0 + 180604 -> KO

Additional Information

@Denis: thanks for the information, this is the session (PHPSESSID) that must be opened by IE when it is launched.

I added the parameter, but no change for IE (in any case I can open multiple versions in the same browser :))

'session' => array (
    'sessionName' => "Dev",
),

I add the questionnaire that allowed me to do the tests (it is very simple).

I had to disable CSRF management in the config file to allow people to respond.

Tags: No tags attached.
Complete LimeSurvey version number (& build): 3.9.0+180604
I will donate to the project if issue is resolved: No
Database & DB-Version: Postgresql 9.4
Server OS (if known): Centos 7
Webserver software & version (if known): apache 2.4
PHP Version: 5.6




2018-06-13 10:08


CSRF_error_and_sendmail_LimeSurvey_V3.doc (847,872 bytes)
TEST_CSRF_limesurvey_survey_128689.lss (16,759 bytes)


2018-06-13 11:35

developer   ~48076

Last edited: 2018-06-13 11:44


And when you disable CSRF: no issue? Response is saved?

With 2 tabs on the same browser with LimeSurvey, OK, I can understand, but the biggest issue is «If you click on the link received by invitation, IE will open and when you start to fill out the questionnaire, you will get the error message.»


Maybe related bug:
Solution is adding / on the CSRF cookie ????

Can you test with
'request' => array(
    'csrfCookie' => array(
        'path' => '/', // or '/subdir/' if you are on a subdir
    ),
),

'path' => './' // ??? really strange fix …
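
The cookie-path suggestion in the note above can be checked against the cookie rules of RFC 6265. This is an added example, not part of the original note or of LimeSurvey's code. It assumes Yii 1's default CSRF cookie name YII_CSRF_TOKEN; the URL paths and token values are constructed, and a particular browser may deviate from the RFC.

```javascript
// RFC 6265 5.1.4: default-path comes from the URL path of the response that set the cookie.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== '/') return '/';
  const i = requestPath.lastIndexOf('/');
  return i === 0 ? '/' : requestPath.slice(0, i);
}

// RFC 6265 5.2.4: a Path value that is empty or does not start with "/" is
// ignored and the default-path is used instead.
function effectivePath(pathAttr, requestPath) {
  return pathAttr && pathAttr[0] === '/' ? pathAttr : defaultPath(requestPath);
}

// RFC 6265 5.1.4 path-match: prefix match on a "/" boundary.
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Parse one Set-Cookie header seen on the response for URL path `setOnPath`.
function parseSetCookie(header, setOnPath) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  let pathAttr = '';
  for (const a of attrs) {
    const m = /^path=(.*)$/i.exec(a);
    if (m) pathAttr = m[1]; // the last Path attribute wins
  }
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    path: effectivePath(pathAttr, setOnPath),
  };
}

// Cookies named `name` that would be attached to a request for `requestPath`,
// longest path first (RFC 6265 5.4). More than one result means the server
// receives several tokens under the same name.
function cookiesSent(jar, name, requestPath) {
  return jar
    .filter((c) => c.name === name && pathMatches(c.path, requestPath))
    .sort((a, b) => b.path.length - a.path.length);
}

// Constructed sample: one token set from an admin page with path './',
// one set from a survey page with path '/'.
const jar = [
  parseSetCookie('YII_CSRF_TOKEN=aaa; path=./', '/index.php/admin/authentication'),
  parseSetCookie('YII_CSRF_TOKEN=bbb; path=/', '/index.php/128689'),
];
```

Under these rules a Path of './' is replaced by the default path, so that cookie is scoped to the directory of the page that set it and can coexist with a second YII_CSRF_TOKEN set on '/'.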



2018-06-13 20:58

reporter   ~48102

Take a closer look at towards the end of the ticket (
Maybe this will point you in the right direction. Very complex.. I cracked it for the problem I had



2018-06-14 12:43

developer   ~48108

@asshank we try to set to Dev (thanks to your bug report and way to fix) (using Yii), but here: the 2 tabs on the same LimeSurvey instance …



2018-06-14 16:07

developer   ~48113

Last edited: 2018-06-14 16:08


@riqcles and @asshank : can you test with

If it works: I'll make a pull request for master.

Remember the part with: 'autoStart' => false,
'session' => array (
    'autoStart' => false,
    'sessionName' => "LimeSurvey",
),



2018-06-15 17:47

developer   ~48181

And if it doesn't work: try to disable ajax in the survey template option :)

See this issue with Yii2 and pjax:



2018-06-15 23:36

developer   ~48190

Quote: no error whatever



2018-06-15 23:37

developer   ~48191

Ajax is by default ON in vanilla. Shouldn't that be turned off by default in a starter theme?



2018-06-16 10:40

developer   ~48192

@tammo: did you do the test: does deactivating ajax mode fix the issue with IE11?
(I have to set up my VirtualBox instance with IE11, but if you already did the test: great :) )



2018-06-16 17:20

developer   ~48193

Really hard to reproduce, I tested with msedge Win10 VirtualBox.

Launch, goes to home page. Try with copy/paste link, try 2 different surveys at the same time etc … not able to have the issue …

I have the fix inside my instance, maybe…



2018-06-16 17:22


Capture du 2018-06-16 17-21-46.png (141,140 bytes)


2018-06-17 08:58

developer   ~48196

Yes, I turned off Ajax in my (child of Vanilla) custom theme.

In Edge the survey now loads OK.

I really think that Ajax is an advanced feature that should be turned off by default and turned on by deliberate action only.



2018-06-18 11:20

manager   ~48202

the issue must be fixed
turning off the feature is not a way to fix it.



2018-06-18 11:21

manager   ~48203



2018-06-18 11:38

manager   ~48204



2018-06-21 11:08

reporter   ~48256

@Denis.
I tried but the plugins do not want to work, I'm looking for why.



2018-06-21 12:09

developer   ~48260

Last edited: 2018-06-21 12:10


«turning off the feature is not a way to fix it.» since this “feature” broke a lot of other features … maybe it's not a feature …

Currently: if a user has 3.X with a production survey: it's better if this “feature” is disabled

And: sometimes: some devs remove working features … without any reason …



2018-06-21 17:23

reporter   ~48269

OK, sessionNameBySurvey-master: must remove "-master" and I have the plugin.

I tried but still KO



2018-06-28 11:04

reporter   ~48357

@tammo: can you try on IE11 (find in programs: iexplore)?

Issue History

Date Modified Username Field Change
2018-06-13 10:08 riqcles New Issue
2018-06-13 10:08 riqcles File Added: CSRF_error_and_sendmail_LimeSurvey_V3.doc
2018-06-13 10:08 riqcles File Added: TEST_CSRF_limesurvey_survey_128689.lss
2018-06-13 11:35 DenisChenu Note Added: 48076
2018-06-13 11:43 DenisChenu Note Edited: 48076
2018-06-13 11:44 DenisChenu Note Edited: 48076
2018-06-13 20:58 asshank Note Added: 48102
2018-06-14 12:43 DenisChenu Note Added: 48108
2018-06-14 16:07 DenisChenu Note Added: 48113
2018-06-14 16:08 DenisChenu Note Edited: 48113
2018-06-15 17:47 DenisChenu Note Added: 48181
2018-06-15 23:36 tammo Note Added: 48190
2018-06-15 23:37 tammo Note Added: 48191
2018-06-16 10:40 DenisChenu Note Added: 48192
2018-06-16 17:20 DenisChenu Note Added: 48193
2018-06-16 17:22 DenisChenu File Added: Capture du 2018-06-16 17-21-46.png
2018-06-17 08:58 tammo Note Added: 48196
2018-06-18 11:18 LouisGac Assigned To => markusfluer
2018-06-18 11:18 LouisGac Status new => assigned
2018-06-18 11:20 LouisGac Note Added: 48202
2018-06-18 11:21 LouisGac Note Added: 48203
2018-06-18 11:38 LouisGac Note Added: 48204
2018-06-21 11:08 riqcles Note Added: 48256
2018-06-21 12:09 DenisChenu Note Added: 48260
2018-06-21 12:10 DenisChenu Note Edited: 48260
2018-06-21 17:23 riqcles Note Added: 48269
2018-06-28 11:04 riqcles Note Added: 48357