
SID-01031: invalid crypt token

Status: Asked
TWiki version: 5.0.0
Perl version: perl 5.8.8 x86_64
Category: CategorySecurity
Server OS: cent0S 5.3 Linux 2.6.18 64bit
Last update: 4 months ago

I get an invalid crypt token when trying to create and save a page from a form. I used the format in ContactDB. If I disable {CryptToken}{Enable} then the page is created with no problems. However, when enabled I get the "invalid crypt token". Is there something special I need to do to make this work?

Below is a stripped-down test I was using just to see if anything would work.

<form name="new" action="%SCRIPTURLPATH{"save"}%/%WEB%/" method="post">
| Candidate Page Name  | <input name="topic" value=' ' class="twikiInputField" /> |
|| <input type="submit" class="twikiSubmit" value="Create New Candidate" /> |
<input type="hidden" name="action_save" value="1" />
<input type="hidden" name="text" value="---+testtesttest" />
<input type="hidden" name="topicparent" value="CandidatesPage" />
</form>

-- ScottGutman - 2010-11-22

Discussion and Answer

Strange, the crypt token is added automatically, so it should work. Keep in mind that the form can only be used once. That is, if you go back in your browser after submitting the form, you have to reload the page that contains the form.

-- PeterThoeny - 2011-01-04

Where and how can I disable the CryptToken, in order to be able to edit forms from a mobile app?

-- Pablo Jovanni Lopez Garcia - 2016-02-26

Run configure. Read the implications on disabling the crypt token.

-- Peter Thoeny - 2016-02-26

Thanks Peter

-- Pablo Jovanni Lopez Garcia - 2016-02-29

I'm having the same problem. TWiki::UI::verifyCryptToken cannot find the CryptToken in the CGI session.

-- Ian Holmes - 2016-12-30

Incidentally, everything was working just fine until the last plugin I installed (which was DirectedGraphPlugin).

-- Ian Holmes - 2016-12-30

And to be clear it's not exactly the same problem. It happens whenever I try to edit any page at all (or specifically when I try to save the edit).

-- Ian Holmes - 2016-12-30

Insertion of debugging "warn" messages into LoginManager::createCryptToken suggests that the crypt token is being created, but manual inspection of the CGI session file in working/tmp indicates that the token does not appear to be saved in the CGI session. Permissions on files and directories do seem to be OK and CGI session file is being updated. Continuing to investigate.

-- Ian Holmes - 2016-12-30

OK, I might be misunderstanding how the CryptToken is being passed in. It looks like it is being inserted into the HTML for the edit page (set as a hidden input field on the form)...

-- Ian Holmes - 2016-12-30

I think I understand now - it's passed in the form but it's also stored in the CGI session and they're supposed to match. Except, it's NOT getting stored in the CGI session. It's there in the CGI::Session object in LoginManager::createCryptToken, but by the time execution flow reaches LoginManager::complete, it's been forgotten about.

If I add a CGI::Session flush to LoginManager::createCryptToken, it seems to fix the problem, though I still don't understand why it was working before and then stopped.

Old code:

<pre>
    $session->param( 'CryptToken', $currentCrypt );

    return $cryptid;
</pre>

Amended code:

<pre>
    $session->param( 'CryptToken', $currentCrypt );
    $this->{_cgisession}->flush(); # IH fix for CryptToken not being saved to CGI::Session database - see http://twiki.org/cgi-bin/view/Support/SID-01031

    return $cryptid;
</pre>

-- Ian Holmes - 2016-12-30

Dammit, the pre tag doesn't work in comments. Well, you get the idea.

-- Ian Holmes - 2016-12-30

Re-opening to increase chance that this gets attention...

-- Ian Holmes - 2016-12-30
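
The mechanism discussed in this thread (a token in a hidden form field that must match a copy held in the server-side session) as an added, self-contained Perl sketch; it is not TWiki or CGI::Session code. `ToySession`, `new_token`, `render_form` and `verify_submit` are hypothetical names, the session is a Storable file written only on `flush`, and the form token and stored value are assumed to be the same string. It shows a save failing when the session is never written, succeeding when it is, and a resubmitted form being rejected.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use Storable ();

package ToySession;    # hypothetical stand-in (not CGI::Session): data reaches disk only on flush()
sub new {
    my ( $class, $file ) = @_;
    my $data = -e $file ? Storable::retrieve($file) : {};
    return bless { file => $file, data => $data }, $class;
}
sub param {
    my ( $self, $key, $value ) = @_;
    $self->{data}{$key} = $value if @_ > 2;
    return $self->{data}{$key};
}
sub flush { my ($self) = @_; Storable::nstore( $self->{data}, $self->{file} ); return; }

package main;
sub new_token {    # 128 random bits, hex encoded
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read( $fh, my $bytes, 16 ) == 16 or die "short read from /dev/urandom";
    return unpack 'H*', $bytes;
}

sub render_form {    # "edit" request: issue the token that goes into the hidden field
    my ( $file, $do_flush ) = @_;
    my $session = ToySession->new($file);
    my $token   = new_token();
    $session->param( 'CryptToken', $token );
    $session->flush() if $do_flush;    # without this the token dies with the process
    return $token;
}

sub verify_submit {    # "save" request: a fresh process reloads the session from disk
    my ( $file, $submitted ) = @_;
    my $session = ToySession->new($file);
    my $stored  = $session->param('CryptToken');
    return 0 unless defined $stored && defined $submitted && $stored eq $submitted;
    $session->param( 'CryptToken', undef );    # single use: a replayed form must fail
    $session->flush();
    return 1;
}

my $dir = tempdir( CLEANUP => 1 );    # constructed sample sessions, removed on exit
for my $flush ( 0, 1 ) {
    my $file  = "$dir/session_$flush";
    my $token = render_form( $file, $flush );
    my @ok    = map { verify_submit( $file, $token ) } 1 .. 2;    # save, then replay
    print "flush=$flush first save ok=$ok[0], resubmit ok=$ok[1]\n";
}
```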

SupportForm
Status Asked
Title invalid crypt token
SupportCategory CategorySecurity
TWiki version 5.0.0
Server OS cent0S 5.3 Linux 2.6.18 64bit
Web server Apache 2.2.3
Perl version perl 5.8.8 x86_64
Browser & version

Topic revision: r8 - 2016-12-30 - IanHolmes