
#20 Invalid token when vote

Posted in ‘NorrCompetition’

Environment Information (available for public)

PHP version
7.4.30

Latest post by b2z on Monday, 05 December 2022 18:17 EET

Kiko

Hi,

I have a contest running in: https://www.parquenacionalsierraguadarrama.es/es/patrimonio/concursos/votacion-xi-cine

I think it is working fine (I can vote, just one time) but some people have told me that they have an error "invalid token" when they try to vote. See https://prnt.sc/09EyNIiW3eV1

Thanks

b2z

Hello!

I also managed to vote successfully and there is no invalid token error.

It is a standard Joomla feature to send X-CSRF-Token with the AJAX request:

// Use POST for send the data
options.method = options.data ? 'POST' : options.method.toUpperCase();

if (options.method === 'POST') {
	var token = Joomla.getOptions('csrf.token', '');

	if (token) {
		xhr.setRequestHeader('X-CSRF-Token', token);
	}

	if (typeof(options.data) === 'string' && (!options.headers || !options.headers['Content-Type'])) {
		xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
	}
}

The component does not send any tokens, but checks for a token in the request (see /controllers/participant.json.php) like this:

if (!Session::checkToken())
{
	$response->message = 'Invalid Token';

	echo $response;

	return;
}

Not sure where the problem can be in cases when the users get Invalid Token message.

Best regards,

Dmitrijs

Kiko

Ok, thanks Dmitrijs.

None of the participants are Joomla users nor are logged in. Do you think that I can "skip" this token check by hard editing the code?

Best wishes,

b2z

I strongly recommend not doing that, as the token is needed to ensure that the request was made from your page and not from a third-party resource.

I am not sure, but probably this can help. Try to modify the JS code in /media/com_competition/js/competition.js on line 83:

data: data,
onSuccess: function(response, xhr) {

Change it to:

data: data,
method: 'POST',
onSuccess: function(response, xhr) {

After that, rename the file competition.min.js that is located in /media/com_competition/js/ to competition-test.min.js - this will force competition.js to load instead of the minified version.

Another thing that comes to my mind - the token itself is located on the page under csrf.token inside this script:

<script type="application/json" class="joomla-script-options new">

I can only imagine that for some reason sometimes it is not loaded, so Joomla cannot read it and send it with the AJAX request.

Best regards,

Dmitrijs

b2z

Hello,

Have you managed to resolve your issue?

Best regards,

Dmitrijs

Kiko

Hi Dmitrijs,

Apologies for the delay in the feedback.

I am not really sure if it works, since it always works for me. One of the people with problems told me that it works, but after that I received another email reporting the issue. The contest is finished, so I cannot test further.

Best wishes,

b2z

It seems like a random issue. Another guess from me is some kind of cache. Hard to debug :(

I am closing this for now.

Thank you for contacting NorrNext Support. This message is to confirm that the ticket is closed.
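
The two guesses made in this thread (the csrf.token script options missing from the page, and a cached page) can be modelled as below. This is an added example, not code from Joomla or NorrCompetition; it assumes a simplified one-token-per-session check, and the function names, session ids and token values are constructed for illustration.

```javascript
// Simplified model (assumption): one CSRF token per session, compared with the
// X-CSRF-Token header. Not Joomla's implementation; all values are constructed.
const sessions = new Map();   // sessionId -> token
let pageCache = null;         // hypothetical full-page cache

function tokenFor(sessionId) {
  if (!sessions.has(sessionId)) {
    sessions.set(sessionId, 'tok-' + sessionId + '-' + sessions.size);
  }
  return sessions.get(sessionId);
}

// Server side: render the contest page with the token in the script options.
function renderPage(sessionId, { cached = false, dropOptions = false } = {}) {
  if (cached && pageCache) return pageCache;   // stale copy from another session
  const options = dropOptions ? '' :
    '<script type="application/json" class="joomla-script-options new">' +
    JSON.stringify({ 'csrf.token': tokenFor(sessionId) }) + '</script>';
  const html = '<html><head>' + options + '</head><body>vote</body></html>';
  if (cached) pageCache = html;
  return html;
}

// Client side: the value a lookup of csrf.token on this page would yield.
function readToken(html) {
  const m = html.match(/<script type="application\/json" class="joomla-script-options[^"]*">([\s\S]*?)<\/script>/);
  if (!m) return '';
  try { return JSON.parse(m[1])['csrf.token'] || ''; } catch (e) { return ''; }
}

// Client builds the POST headers; server compares them with the session token.
function vote(sessionId, html) {
  const headers = {};
  const token = readToken(html);
  if (token) headers['X-CSRF-Token'] = token;
  return headers['X-CSRF-Token'] === tokenFor(sessionId) ? 'OK' : 'Invalid Token';
}

function demo() {
  return {
    fresh: vote('alice', renderPage('alice')),
    cachedOwner: vote('alice', renderPage('alice', { cached: true })),
    cachedOther: vote('bob', renderPage('bob', { cached: true })),
    noOptions: vote('carol', renderPage('carol', { dropOptions: true })),
  };
}
```

In this model the visitor whose request filled the cache always votes successfully, while other visitors served the cached copy do not, which matches a report that looks random from the site owner's side.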
