Download
Turning off CSRF via gsconfig.php does work when using SVN version.
Also found what is probably the cause of the error... my IP address can occasionally change (depending on which internet gateway I am going through). Since the IP address is used to generate the nonce, then the CSRF error occurs if it ever changes.
Perhaps other people who have this issue belong to a large network where they go through various proxies and gateways to connect to the internet and it changes since you connect through the one with the most capacity available. It would also explain why you can't replicate the problem.
Since it is for preventing cross site scripting attacks, maybe the nonce could use something unique on the server? A server variable like which will be unique for each website and can't be retrieved without having direct access to the server
Also found what is probably the cause of the error... my IP address can occasionally change (depending on which internet gateway I am going through). Since the IP address is used to generate the nonce, then the CSRF error occurs if it ever changes.
Perhaps other people who have this issue belong to a large network where they go through various proxies and gateways to connect to the internet and it changes since you connect through the one with the most capacity available. It would also explain why you can't replicate the problem.
Since it is for preventing cross site scripting attacks, maybe the nonce could use something unique on the server? A server variable like
Code:
$_SERVER["SCRIPT_FILENAME"]
-- Sam
