Quote:
Originally Posted by Charliewool
Btw.. Whats a token?
|
The token was introduced in 3.7 versions of vbulletin and it is designed to avoid CSRF issues.
Cross Site Request Forgery (CSRF) involves taking advantage of the stateless nature of HTTP where there are no ways to ensure the exact origin of a request, its also not possible to detect what was actually initiated by a user and what was forced by a third party script. A token was added to the latest version of each of the vBulletin products so from 3.7.0 RC4 it is no longer possible to submit a POST request directly without passing in the known token.
The addition of a security token for each POST request removes the ability for a remote page to force a user to submit an action. At the moment this protection will only apply to vBulletin files and third party files will need to opt into this protection and add the appropriate hidden field. This was done to preserve backwards compatibility.
It's frankly a PITA. It affects Firefox more than IE or Chrome because of the way they treat cookies but I suspect in your case it is actually being caused by your ISP cache which is why you can get in ok through a page they don't cache rather than the home page.
Leaving a window open for more than whatever the time-out for CSRF is (I suspect it's about 20 minutes) will also get you the message regardless - I've got a nasty habit of doing that then getting the error when I post a reply.
I think we could probably increase the cookie time out but I'm not sure if that would help.
We currently have session expiry set at 3600 seconds (1 hour) which is probably impacting too.
Cheers
Russ