0014122: In-appropriate time-out message when reporting an issue needs is shown - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0014122	mantisbt	bugtracker	public	2012-04-04 05:09	2014-09-23 18:05

Reporter	allfordbest	Assigned To	dregad
Priority	low	Severity	text	Reproducibility	always
Status	closed	Resolution	fixed
Platform	WINDOWS	OS	WINDOWS PROFESSIONAL	OS Version	7
Target Version	1.2.11	Fixed in Version	1.2.11

Summary	0014122: In-appropriate time-out message when reporting an issue needs is shown
Description	Instead of time out message,the following message is being displayed in mantis: "Invalid form security token. Did you submit the form twice by accident?" when the user takes fails to complete bug reporting process within a particular duration. Please refer the screen shots for further information.
Tags	No tags attached.
Attached Files	MantisBT_1333528630324.png (48,557 bytes) MantisBT_1333528630324.png (48,557 bytes)

dregad 2012-04-04 07:19 developer ~0031594	Unfortunately, the root cause of this behavior cannot be fixed without a major rework of the way form security is handled in MantisBT. MantisBT retrieves the form security token from the PHP session; the maximum validity of stored session data is not defined in Mantis but in PHP itself (session.gc_maxlifetime). If garbage collection has taken place, then this information is no longer available to Mantis. The error message you get has to be generic as it has multiple possible causes, and due what I explained above, we are not able to determine which. If you get this error a lot, it may be worth increasing the value of this parameter in your installation to something that fits your usage scenario. At the moment, I believe the only thing that can reasonably be done, is to modify the error message to reflect the fact that this error can also be triggered by a session timeout.

dregad 2012-04-06 18:43 developer ~0031610 Last edited: 2012-04-06 19:10	Original message for error 2800 is: Invalid form security token. Did you submit the form twice by accident? Proposed alternative error message: Invalid form security token. This may happen if you submitted the form twice by accident, or because your session has timed out. Invalid form security token. This could be caused by accidentally submitting the form twice, or by a session timeout. Thoughts, comments ?

dregad 2012-04-14 16:36 developer ~0031653	The error message has been amended, and a new Troubleshooting chapter added to the Admin guide with some explanations on the cause of this error and possible workarounds.

grangeway 2013-04-05 17:57 reporter ~0036252	Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

MantisBT: master 02755f72 2012-04-13 18:55 dregad Details Diff	Fix 0014122: Revised message for error 2800 The message now reflects the fact that an invalid security token error is often triggered because of a session timeout.		Affected Issues 0014122
	mod - lang/strings_english.txt		Diff File
MantisBT: master-1.2.x aa9bf38c 2012-04-13 18:55 dregad Details Diff	Fix 0014122: Revised message for error 2800 The message now reflects the fact that an invalid security token error is often triggered because of a session timeout.		Affected Issues 0014122
	mod - lang/strings_english.txt		Diff File