MantisBT
Main | My View | View Issues | Change Log | Roadmap | Wiki | ManTweet | Repositories
  

View Issue Details Jump to Notes ] Wiki ] Related Changesets ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0014122mantisbtbugtrackerpublic2012-04-04 05:092013-04-06 09:23
Reporterallfordbest 
Assigned Todregad 
PrioritylowSeveritytextReproducibilityalways
StatusclosedResolutionfixed 
PlatformWINDOWSOSWINDOWS PROFESSIONALOS Version7
Product Version 
Target Version1.2.11Fixed in Version1.2.11 
Summary0014122: In-appropriate time-out message when reporting an issue needs is shown
DescriptionInstead of time out message,the following message is being displayed in mantis: "Invalid form security token. Did you submit the form twice by accident?"
when the user takes fails to complete bug reporting process within a particular duration.
Please refer the screen shots for further information.
Tags2.0.x check
Attached Filespng file icon MantisBT_1333528630324.png [^] (48,557 bytes) 2012-04-04 05:09

- Relationships
related to 0015721new Functionality to consider porting to master-2.0.x 
related to 0014155closeddregad Add new Troubleshooting chapter in Admin Guide 

-  Notes
User avatar (0031594)
dregad (developer)
2012-04-04 07:19

 Unfortunately, the root cause of this behavior cannot be fixed without a major rework of the way form security is handled in MantisBT.

MantisBT retrieves the form security token from the PHP session; the maximum validity of stored session data is not defined in Mantis but in PHP itself (session.gc_maxlifetime). If garbage collection has taken place, then this information is no longer available to Mantis.

The error message you get has to be generic as it has multiple possible causes, and due what I explained above, we are not able to determine which.

If you get this error a lot, it may be worth increasing the value of this parameter in your installation to something that fits your usage scenario.

At the moment, I believe the only thing that can reasonably be done, is to modify the error message to reflect the fact that this error can also be triggered by a session timeout.
User avatar (0031610)
dregad (developer)
2012-04-06 18:43
edited on: 2012-04-06 19:10

 Original message for error 2800 is:

Invalid form security token. Did you submit the form twice by accident?

Proposed alternative error message:

Invalid form security token. This may happen if you submitted the form twice by accident, or because your session has timed out.

Invalid form security token. This could be caused by accidentally submitting the form twice, or by a session timeout.

Thoughts, comments ?
User avatar (0031653)
dregad (developer)
2012-04-14 16:36

 The error message has been amended, and a new Troubleshooting chapter added to the Admin guide with some explanations on the cause of this error and possible workarounds.
User avatar (0036252)
grangeway (developer)
2013-04-05 17:57

 Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

- Related Changesets
MantisBT: master 02755f72
Timestamp: 2012-04-13 22:55:48
Author: dregad
Details ] Diff ] 		Fix 0014122: Revised message for error 2800

The message now reflects the fact that an invalid security token error
is often triggered because of a session timeout.
mod - lang/strings_english.txt Diff ] File ]
MantisBT: master-1.2.x aa9bf38c
Timestamp: 2012-04-13 22:55:48
Author: dregad
Details ] Diff ] 		Fix 0014122: Revised message for error 2800

The message now reflects the fact that an invalid security token error
is often triggered because of a session timeout.
mod - lang/strings_english.txt Diff ] File ]

- Issue History
Date Modified Username Field Change
2012-04-04 05:09 allfordbest New Issue
2012-04-04 05:09 allfordbest File Added: MantisBT_1333528630324.png
2012-04-04 07:19 dregad Note Added: 0031594
2012-04-04 07:19 dregad Status new => acknowledged
2012-04-06 18:43 dregad Note Added: 0031610
2012-04-06 19:10 dregad Note Edited: 0031610 View Revisions
2012-04-07 05:02 purple3752 Sponsorship Added purple3752: US$ 10
2012-04-07 05:02 purple3752 Sponsorship Total 0 => 10
2012-04-14 16:36 dregad Note Added: 0031653
2012-04-14 16:36 dregad Status acknowledged => resolved
2012-04-14 16:36 dregad Resolution open => fixed
2012-04-14 16:36 dregad Fixed in Version => 1.2.11
2012-04-14 16:36 dregad Target Version => 1.2.11
2012-04-14 16:37 dregad Assigned To => dregad
2012-04-14 16:41 dregad Relationship added related to 0014155
2012-04-14 17:00 dregad Changeset attached => MantisBT master 02755f72
2012-04-14 17:00 dregad Changeset attached => MantisBT master-1.2.x aa9bf38c
2012-04-16 04:18 allfordbest Sponsorship Added allfordbest: US$ 10
2012-04-16 04:18 allfordbest Sponsorship Total 10 => 20
2012-04-16 04:20 allfordbest Sponsorship Deleted allfordbest: US$ 10
2012-04-16 04:20 allfordbest Sponsorship Total 20 => 10
2012-04-16 04:21 allfordbest Sponsorship Added allfordbest: US$ 10
2012-04-16 04:21 allfordbest Sponsorship Total 10 => 20
2012-04-16 04:21 allfordbest Sponsorship Deleted allfordbest: US$ 10
2012-04-16 04:21 allfordbest Sponsorship Total 20 => 10
2012-06-06 23:53 jreese Status resolved => closed
2013-04-05 17:57 grangeway Status closed => acknowledged
2013-04-05 17:57 grangeway Note Added: 0036252
2013-04-05 18:36 grangeway Relationship added related to 0015721
2013-04-06 03:40 dregad Status acknowledged => closed
2013-04-06 07:23 grangeway Status closed => acknowledged
2013-04-06 09:22 dregad Tag Attached: 2.0.x check
2013-04-06 09:23 dregad Status acknowledged => closed

MantisBT 1.2.16dev master-1.2.x-8c2bd07 [^]
Copyright © 2000 - 2013 MantisBT Team
Time: 0.0877 seconds.
memory usage: 2,858 KB
Powered by Mantis Bugtracker