2012-02-03, 05:16:15
I have been experiencing CSRF for a few days recently. Some info on the background situation:
- I have several sites on GS 2.03 and 3.0, some of which share an identical password and/or login
- to one of them I have recently added:
Code:
ExpiresActive On
<FilesMatch "\.(ico|jpg|jpeg|png|gif|js|swf)$">
ExpiresDefault A2592000
</FilesMatch>
to .htaccess, which I rely on.
As impulse solutions I tried the following, from which some worked:
- logged out, but afterwards admin/index.php redirected me automatically to admin/pages.php - in other words I couldn't log in properly until I manually deleted the login cookie
- turned off browser-cache (via WebDeveloper of Firefox) - worked once
- logged in, saved a page, logged out - all with Google Chrome, with which I have edited just this one site once - this worked and CSRF did not reappear in Firefox for a few days when I logged in, out and saved normally
- logged in, saved a page, logged out - again with Google Chrome - this worked and CSRF did not reappear in Firefox for one login, some saves and a logout only - from the next login CSRF was back.
I have purposefully pointed out these different scenarios and maybe irrelevant info, as I can't see any consistency in browser behaviour - except that Chrome seems immune to CSRF in my case. I suspect it may be related to file handling by the browser or server, but really have no idea. Hope someone sorts it out one day.
As a permanent solution I launched into space line 36 of changedata.php and sleep sound.