Owncloud 9.x or 10.x CSRF check failed
Owncloud 9.x or 10.x CSRF check failed
Hi everyone,
Using Centos 6.9 with Vesta 0.9.18
Need some help here. I have tried to install Owncloud v9.1.7 and Owncloud 10.0.3 and both are installing fine but when logging in the first time I always get this:
Access forbidden
CSRF check failed
I have looked at the Owncloud help and it seems something to do with PHP config.
https://github.com/owncloud/core/issues ... -262703655
I have tried the fixes suggested:
- A too low or wrong configured post_max_size
- enable_post_data_reading = 0 or Off in php.ini
- session.auto_start = 1 or On in php.ini
- Outdated oC version
I have not tried:
- Missing permissions or wrong configured session.save_path
As i am not 100% what that means yet.
Does anyone have any other suggestions?
Thanks
Using Centos 6.9 with Vesta 0.9.18
Need some help here. I have tried to install Owncloud v9.1.7 and Owncloud 10.0.3 and both are installing fine but when logging in the first time I always get this:
Access forbidden
CSRF check failed
I have looked at the Owncloud help and it seems something to do with PHP config.
https://github.com/owncloud/core/issues ... -262703655
I have tried the fixes suggested:
- A too low or wrong configured post_max_size
- enable_post_data_reading = 0 or Off in php.ini
- session.auto_start = 1 or On in php.ini
- Outdated oC version
I have not tried:
- Missing permissions or wrong configured session.save_path
As i am not 100% what that means yet.
Does anyone have any other suggestions?
Thanks
Re: Owncloud 9.x or 10.x CSRF check failed
OK, worked it out myself.
It was this point:
- Missing permissions or wrong configured session.save_path
Specifically, the permission to the php 'tmp' directory in this case. I create a phpinfo.php to see what the tmp directory was and per VestaCP standard it was
session.save_path /home/myusername/tmp
so i checked the permissions to /tmp and it was set to 771
I did a quick "chmod 777 tmp" and refreshed the page and it worked. I know that I should not leave it as 777 so I am curious as to why httpd/php does not have access to this dir if its specified as a tmp directory?
UPDATE: It seems it needs a chmod 667 for it to function. Still would like to know why ??
Thanks
It was this point:
- Missing permissions or wrong configured session.save_path
Specifically, the permission to the php 'tmp' directory in this case. I create a phpinfo.php to see what the tmp directory was and per VestaCP standard it was
session.save_path /home/myusername/tmp
so i checked the permissions to /tmp and it was set to 771
I did a quick "chmod 777 tmp" and refreshed the page and it worked. I know that I should not leave it as 777 so I am curious as to why httpd/php does not have access to this dir if its specified as a tmp directory?
UPDATE: It seems it needs a chmod 667 for it to function. Still would like to know why ??
Thanks