What does this specific error mean? I get it when I try to save a post.

Include an XSRF token in your form like this:

<input type="hidden" name="xsrf" value="{$cookie-xsrf-token}"/>

The idea behind CSRF/XSRF tokens is to stop a website from making an unauthorized request to another site. I am not going to try to give a full explanation.

@diomed, if you're using 2.4 this could be a possibility. Basically, by default a few versions of Symphony were enabling this feature. That is, it adds a token into your forms, and if not submitted within a particular time span your form becomes invalid.

This can be removed by disabling the feature in the config, or else increasing the time-span. Unless you can save quicker :)

I didn't realise there was a time limit of 15 minutes. I assumed that diomed was having a problem with frontend forms. I thought there would be no problem with saving from the backend, but I was wrong.

There's a lengthy discussion on GitHub about it, but it is being improved for the next version.

Yeah, this is a problem in 2.4. I was correcting multiple errors in an article, and all of a sudden, this...

So I was copy-pasting the entire thing and deleting the current one, just to get around this somehow.

I'll disable it in config. Thanks.

I'll disable it in config. Thanks.

Nah. Just increase the time limit to something long. Say 2 weeks or 2 months. The feature itself is actually quite an important one.

Well, that's a good idea. I wasn't aware that I could increase it to that length.

Hi! I still have this error in Symphony 2.5.1, only with the Chrome browser (with Firefox I can access without errors):

Access Denied
Request was rejected for having an invalid cross-site request forgery token

Is there a way to solve this?


As mentioned above it isn't technically something to solve, it's just a case of setting the expiry to a number that works for you. The error message is perfectly valid, and you should be able to go back and save the entry. The only time you should see the message is if the form you submitted had been idle for a period of time. Do say if your situation differs.

Although I did think it had been changed to a very large number, so surprised it would be seen in normal use - maybe someone can clarify what it was changed to?

Sorry, I didn't explain this: I get this message when I try to log in to Symphony, so the form had been idle for about 3 seconds..

But it's strange, I have this "issue" only with Chrome, while I can access Symphony via Firefox. Maybe a cache issue for the browser?

Oh I see!

That is unusual - I think the token is just stored as a cookie, perhaps try clearing all that stuff and trying again. Would explain why it was only one browser!
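
The time-limited token check discussed in this thread, as an added example that is not part of the original posts and is not Symphony's own code. It assumes a token bound to the session by an HMAC; the function names, the secret and the session ids are hypothetical.

```php
<?php
// Added illustration of a time-limited XSRF token; not Symphony's implementation.
// All names and values below are hypothetical / constructed.

const XSRF_LIFETIME = 900; // seconds: the 15 minute limit mentioned in the thread

// Issue a token of the form "<issued-at>.<nonce>.<mac>" for one session.
function xsrf_issue(string $secret, string $sessionId, int $now): string
{
    $payload = $now . '.' . bin2hex(random_bytes(16));
    $mac = hash_hmac('sha256', $sessionId . '|' . $payload, $secret);
    return $payload . '.' . $mac;
}

// Returns 'ok', 'expired', 'invalid' or 'malformed'.
function xsrf_check(string $secret, string $sessionId, string $token,
                    int $now, int $lifetime = XSRF_LIFETIME): string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return 'malformed';
    }
    list($issued, $nonce, $mac) = $parts;
    $expected = hash_hmac('sha256', $sessionId . '|' . $issued . '.' . $nonce, $secret);
    // Constant-time comparison; fails for forged tokens and for tokens
    // issued to a different session (for example a stale cookie).
    if (!hash_equals($expected, $mac)) {
        return 'invalid';
    }
    $age = $now - (int) $issued;
    if ($age < 0 || $age > $lifetime) {
        return 'expired'; // the form sat idle longer than the configured limit
    }
    return 'ok';
}

// Constructed demo values.
$secret = 'constructed-demo-secret';
$t0     = 1700000000;
$token  = xsrf_issue($secret, 'session-A', $t0);

// Saved 3 seconds after the form was rendered.
echo xsrf_check($secret, 'session-A', $token, $t0 + 3), "\n";
// Saved after 16 minutes with the default 15 minute limit.
echo xsrf_check($secret, 'session-A', $token, $t0 + 16 * 60), "\n";
// Same late save with the limit raised to two weeks.
echo xsrf_check($secret, 'session-A', $token, $t0 + 16 * 60, 14 * 24 * 3600), "\n";
// Fresh form, but the browser presents a different session.
echo xsrf_check($secret, 'session-B', $token, $t0 + 3), "\n";
```

Raising the lifetime keeps the forgery check in place while tolerating long edits, whereas a token tied to a different session is rejected however fresh the form is.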
