Invalid Security Token timeout with delayed note submit
If I go into a bug and type in a long note and come to it several hours later to finish the note, I get an error reading like Invalid Security Token when I try to submit the note and then the browser back button erases the note text. This has happened several times to me, and I assume it is a timeout feature for added security. Is there any way to make this timeout much longer (at least a couple of days in length), to prevent data loss like this? I'm using Mantis 1.2.0 on a Linux server, with no customizations.
Re: Invalid Security Token timeout with delayed note submit
You can disable session validation by adding the following line to the file config_inc.php:
Code:
$g_session_validation = OFF;
And yes, this is a potential security risk.
There are also PHP settings (php.ini) which influence session timeout. I am no expert on this; please check the PHP documentation.
Re: Invalid Security Token timeout with delayed note submit
I don't have direct access to the command line or the files on the web site, so I instead installed a Firefox add-in called Lazarus Form Recovery, which auto-saves a web form's contents for later retrieval. It works around this issue for me:
http://lazarus.interclue.com/
On many web sites, I can use the back button and successfully retrieve text I typed into an HTML textarea when the submit fails. Since it works in some cases, I assume it is an HTTP/HTML header setting that prevents this with Mantis pages (such as Cache-Control). Maybe that could be tweaked, so the security timeout feature was still in place, but the HTML page would not be refreshed/cleared when you use the back button? Sorry, I don't know more about HTTP or HTML to make a better suggestion, and there might be good reasons you don't want the data cached, such as refresh problems if the cache is stale or other security issues.
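The trade-off raised in this thread (keep the token check, stop losing the typed note) can also be handled on the server: reject the stale submit, but re-display the text with a fresh token. The PHP below is an added example, not MantisBT code and not part of any post above; the function names, the `note_form` label and the in-memory session array are assumptions chosen so it runs from the command line.

```php
<?php
// Added example, not MantisBT code. A session is modelled as a plain array
// with an expiry time so the script runs from the CLI without a web server.
const SESSION_LIFETIME = 1440; // seconds; PHP's default session.gc_maxlifetime

function demo_session_new(int $now): array {
    return ['expires' => $now + SESSION_LIFETIME, 'tokens' => []];
}

// Issue a form token and remember it in the session.
function form_token_issue(array &$session, string $form): string {
    $token = bin2hex(random_bytes(16));
    $session['tokens'][$form] = $token;
    return $token;
}

// A token is valid only while its session is alive and the values match.
function form_token_valid(?array $session, string $form, string $token, int $now): bool {
    if ($session === null || $now >= $session['expires']) return false;
    $known = $session['tokens'][$form] ?? '';
    return $known !== '' && hash_equals($known, $token);
}

// Handle a note submit. On token failure the request is still rejected, but
// the typed text comes back (escaped) with a fresh token instead of being lost.
function handle_note_submit(?array &$session, array $post, int $now): array {
    if (form_token_valid($session, 'note_form', $post['token'] ?? '', $now)) {
        unset($session['tokens']['note_form']);   // single use
        return ['status' => 'saved', 'note' => $post['note']];
    }
    $session = demo_session_new($now);   // in a real app: only after re-login
    return [
        'status'    => 'rejected',
        'token'     => form_token_issue($session, 'note_form'),
        'note_html' => htmlspecialchars($post['note'] ?? '', ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed scenario: form opened at t=0, submitted four hours later.
$session = demo_session_new(0);
$post = ['token' => form_token_issue($session, 'note_form'), 'note' => 'Long <b>note</b> text'];
$first = handle_note_submit($session, $post, 4 * 3600);
echo $first['status'], ': ', $first['note_html'], "\n";
// Resubmitting with the refreshed token is accepted.
$post['token'] = $first['token'];
echo handle_note_submit($session, $post, 4 * 3600 + 60)['status'], "\n";
```

The stale request is never processed, so the token check keeps its purpose; the user only has to confirm the re-displayed form.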