View Issue Details

IDProjectCategoryView StatusLast Update
0011680mantisbtadministrationpublic2014-02-26 18:34
Reporterliyingm Assigned Todhx  
PrioritynormalSeveritymajorReproducibilityhave not tried
Status closedResolutionno change required 
PlatformLinuxOSRed Hat Enterprise LinuxOS Version5
Product Version1.2.0 
Target VersionFixed in Version 
Summary0011680: Mantis APPLICATION ERROR #2800 for Mantis 1.2.0
Description

When I open a issue and leave this issue page open, after couple of hours I add note to the issue and hit “Add Note”, I get an error screen, then I need to hit back only to see everything I wrote is gone! Things like this come up,

APPLICATION ERROR #2800

Invalid form security token. Did you submit the form twice by accident?

Please use the "Back" button in your web browser to return to the previous page. There you can correct whatever problems were identified in this error or select another action. You can also click an option from the menu bar to go directly to a new section.

If I refresh my screen, retype what I wrote originally, and submit again, it goes through. And there is no problem to add note when the page is just opened. I was wondering it maybe a timeout setting for the page or Apache. Please advise.

By the way, our Mantis recently has been upgraded from version 1.0.0a2 to 1.2.0 and migrated from a Debian box to a Red Hat box.

TagsNo tags attached.

Relationships

has duplicate 0011837 closeddhx Error #2800 on trying to submit an issue 
has duplicate 0012015 closeddhx Error message that the form has been sent twice 
has duplicate 0012169 closeddhx "Add Note" issues ERROR_FORM_TOKEN_INVALID 
has duplicate 0012233 closeddhx Invalid security token when adding a note to a bug 
has duplicate 0012315 closeddhx APPLICATION WARNING 0002702: Your session has become invalidated. 
has duplicate 0010148 closeddhx Sesssion Timeout 
has duplicate 0013952 closedatrol Invalid form security token. Did you submit the form twice by accident? 
has duplicate 0012381 closeddregad APPLICATION ERROR #2800 
has duplicate 0015502 closeddregad APPLICATION WARNING 0002702: Your session has become invalidated. 
related to 0011693 closeddregad Timeout : lost of project configuration 

Activities

squarebox

squarebox

2010-03-19 02:44

reporter   ~0024807

what's probably happening is that mantis is logging you out after some time specified by your admin. So when you try to add a note it throws back an error saying your security token was invalid, which is just a fancy way of saying your login timed out. And like you said, if you refreshed the screen it grabs a new security token and you can enter in notes.

Since you aren't specifically re-entering your login credentials, i'm assuming you are using the "Remember my IP address" or whatnot feature when you log in. So knowing those two things i'd agree with you that this is a bug. In the sense that it should at least try to grab a new security token if it can before erroring out.

liyingm

liyingm

2010-03-21 18:26

reporter   ~0024834

Thanks for the reply. You are right, I've enabled the "Secure Session (Only allow your session to be used from this IP address)" when logined to Mantis. But where can I reset the time out variable?

dhx

dhx

2010-03-21 23:29

reporter   ~0024836

Form security tokens are stored in PHP sessions and thus are subject to PHP's settings relating to session expiry times. MantisBT itself has something like a 3 day expiry for form security tokens (the idea being that you may leave screens open on Friday and return on Monday to finish up your work).

Please see http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

javatopia

javatopia

2010-03-23 12:07

reporter   ~0024880

This is happening in 1.2. I was entering bugs and did one bug report, then followed with another, and got the application error 2800 message. This was an active session, definitely not timed-out.

It could be a php-related problem. Version 1.1.8 had this in it, and version 1.2 also demonstrates the same behavior.

As a note, in other PHP applications, I noticed that sometimes after using my session, the session just dies without any apparent cause. So this is more and more looking like a PHP problem and not really a mantis problem.

Issue History

Date Modified Username Field Change
2010-03-19 00:30 liyingm New Issue
2010-03-19 02:44 squarebox Note Added: 0024807
2010-03-21 18:26 liyingm Note Added: 0024834
2010-03-21 23:29 dhx Note Added: 0024836
2010-03-21 23:29 dhx Status new => resolved
2010-03-21 23:29 dhx Resolution open => no change required
2010-03-21 23:29 dhx Assigned To => dhx
2010-03-23 12:07 javatopia Note Added: 0024880
2010-06-09 03:23 dhx Relationship added has duplicate 0011837
2010-06-09 03:23 dhx Relationship added has duplicate 0012015
2010-06-09 03:25 dhx Relationship added related to 0011693
2010-06-09 03:45 dhx Status resolved => closed
2010-07-13 17:39 dhx Relationship added has duplicate 0012169
2010-08-10 10:31 dhx Relationship added has duplicate 0012233
2010-09-19 02:13 dhx Relationship added has duplicate 0012315
2010-09-19 02:14 dhx Relationship added has duplicate 0010148
2012-02-26 06:12 atrol Relationship added has duplicate 0013952
2012-10-19 05:37 dregad Relationship added has duplicate 0012381
2013-11-14 12:12 dregad Relationship added has duplicate 0015502