7 votes

CSRF error on registration page

Hi,

I got a CSRF error on the registration page, probably a timeout because I read the terms and privacy policy before going on with the registration. :)

That's a bad first impression for users and should be avoided.

Chris

2 comments

  1. Deimos

    Ah, I think this would be because I have the default logged-out session timeout set to 10 minutes, and extend it to much longer once someone logs in. Since the site isn't accessible to logged-out users right now anyway, I didn't want to keep a bunch of useless sessions around (from people that just looked at the site but couldn't log in or register anyway) and thought I could just set a very low timeout for them.

    I didn't think about the effect on CSRF for registering though, thanks for pointing that out. I'll bump it up to an hour or so. That's still quite low but should get rid of issues like this one.

    4 votes
  2. stuck_in_the_matrix

    I wonder if that was due to a session timeout? In any event, good to know.

    1 vote
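
The failure mode discussed in this thread, as an added illustration that is not Tildes' code: it assumes the CSRF token is derived from a per-session secret and that an expired logged-out session is silently replaced by a fresh one. All class and function names are hypothetical, and the clock is simulated in seconds.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """In-memory sessions with an idle timeout (constructed for illustration)."""

    def __init__(self, anon_timeout):
        self.anon_timeout = anon_timeout  # seconds a logged-out session may sit idle
        self.sessions = {}                # session_id -> {"secret", "expires"}

    def get_or_create(self, session_id, now):
        s = self.sessions.get(session_id)
        if s is None or s["expires"] <= now:
            # Missing or expired: drop it and issue a fresh session with a new secret.
            self.sessions.pop(session_id, None)
            session_id = secrets.token_hex(16)
            s = self.sessions[session_id] = {"secret": secrets.token_bytes(32)}
        s["expires"] = now + self.anon_timeout  # each request extends the timeout
        return session_id, s


def csrf_token(session):
    # Token is bound to the session secret, so a new session means a new token.
    return hmac.new(session["secret"], b"csrf", hashlib.sha256).hexdigest()


def render_form(store, cookie, now):
    """GET the registration page: returns (session cookie, token embedded in the form)."""
    sid, s = store.get_or_create(cookie, now)
    return sid, csrf_token(s)


def submit_form(store, cookie, token, now):
    """POST the form: True if the submitted token matches the current session."""
    _, s = store.get_or_create(cookie, now)
    return hmac.compare_digest(token, csrf_token(s))


def register_after(timeout_s, reading_s):
    """Load the form at t=0, submit it reading_s seconds later."""
    store = SessionStore(timeout_s)
    cookie, token = render_form(store, None, now=0)
    return submit_form(store, cookie, token, now=reading_s)


if __name__ == "__main__":
    print("10 min timeout, 11 min reading:", register_after(600, 660))
    print("60 min timeout, 11 min reading:", register_after(3600, 660))
```

The token check itself is unchanged between the two runs; only the idle timeout differs, which is why raising it removes the error without weakening the CSRF comparison.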