New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Valid CSRF Token Required OsTicket 1.10 #3546
Comments
My guess would be that its because you are running PHP 7.1.0 (released a few days ago). It's my understanding that osticket 1.10 still isn't fully compatible with 7.0 yet. You might want to down grade to 5.6 and see if that helps. |
Thanks! I`ll try to reinstall it tomorrow. |
I have the same issue on PHP 7.1 I will downgrade to PHP 5.6 all works fine with oldest PHP. |
I had that problem with OSticket 1.10, Apache and PHP 7.1. After downgrading PHP to 7.0.14 the error disappeared. Hope this helps anyone. |
Is this being worked on? PHP 7.1 is released by now and osTicket support for it would be great. |
I hope this is being worked on |
I have the same issue on PHP 7.1 + osticket 1.10.
|
DbSessionBackend->read() should not return null but empty string.
Will anyone try above patch 424bfc9 ? It solved my issue. |
@kaorukobo your patch worked for me, using the latest version of osticket & the latest php 7.1 from remi. Thanks! |
Can confirm that fix worked for me as well. Centos 7, PHP 7.1.3 from Remi OSTicket 1.10 |
The corresponding pull request was approved: |
I just installed the latest osTicket, I'm on PHP Version 7.1.5 on Windows 7 Professional Edition Service Pack 1 i586, and I got the Valid CSRF Token Required on first login to admin |
This is terrible. Same issue as #304 ? I wish I'd have known before upgrading. I can't go back on this server because PHP7 is needed for some of my scripts. This should be priority 1. |
Dear @TomAshley303 seems this issue with PHP 7 will be not fixed soon, as keep PHP and other software updated is very important for security I have upgraded to PHP 7 |
FYI all, I had the same problem and it was incorrect time on my machine. |
Just found out that login on my OSticket is possible when on PHP5.6. As soons as I set my server to PHP7.1, I can no longer login to OSTicket and get the Valid CSRF Token Required message. |
@Richardvi osTicket supports php7 not php7.1. So thats likely your issue. |
OK, thanks! |
Thank you brother it really help. |
Thanks!!! Works fine :) |
New to osTicket today, deal breaker for me if it doesn't support php7.1.x, until it does. |
Works for me only need add a new line on one file 👍 |
Does anyone know if this was fixed in the latest release 1.10.4 (yesterday)? |
Hi @ I think this issue is not fixed, never tested the last release as has been released recently. |
It's somewhat addressed in Cheers. |
Windows + Apache + PHP Version 7.2.7 session.auto_start=1 worked for me |
Ubuntu 18.04 x64 + Apache2 + PHP 7.2-10 + osT 1.10.4 /etc/php/7.2/apache2/php.ini session.auto_start=1 worked for me too. |
Hi @jpkh thank you very much for share where session.auto_start=1 should be placed. This is an edit of the php (ini) configuration, i am asking what OsTicket should change for resolve this issue. Usually i prefer made fix in the software and not on the PHP. Great to know there are a solution for work with PHP 7.2 but maybe i will wait to understand if the issue can be solved on OsTicket side. |
The latest version is compatible with Php 7.0, so you can downgrade from 7.1 to 7.0. Easy fix |
In PHP 7.1 and higher you are required to return a string from a session read handler or you will get an error - the documentation has always said that it should return a string but PHP has only now started to enforce that. Look in php logs to see if you have PHP Warning: session_start(): Failed to read session data: user adding the following line JUST before the return in the read method in class.ostsession.php
This makes sure that no matter WHAT you put in session data, you always return a string as you should Downgrading your PHP version is never a good idea for security reasons. Doubly bad because PHP 7.0 is already out of regular support and is out of security support in one month :( |
@auroraeosrose there are two read functions in class.ostsession.php could you specify the line that this snippet needs to be inserted on? the read function on line 270? or the one on 183? PS thank you for this solution... When I used |
Thanks! That worked. |
Thank you, this works for me. |
Solution from @auroraeosrose also worked for me on PHP7.2.15 and osticket 1.10.5 |
@auroraeosrose 's solution works on: Distributor ID: Debian |
Hi, any help for this problem?
OsTicket 1.10
Win 2012 R2
Apache 2.4
Php 7.1
Installed everything, get this problem. Read a lot, found solution to change "session.auto_start" to 1 and it worked for me. I logged in, but after a while still get same problem.
The text was updated successfully, but these errors were encountered: