Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Development CodeIgniter 3.x Random 403 in Checkout with CI3
Random 403 in Checkout with CI3
  • Offline z72diego
    Newbie
  • *
  • Posts: 3
    Threads: 1
    Joined: Apr 2024
    Reputation: 0
#1
04-18-2024, 05:48 PM

Hello everyone!

I gave up trying to solve it on my own, which is why I find myself here asking for help.

I run an online store based on CodeIgniter 3, which randomly (I think, since I was never able to reproduce the error) returns a POST 403 error specifically in the form that leads to the /checkout controller.

It is a problem, since errors are seen by users and are possible sales that may not be made. 

I have my suspicions on the CSRF. I previously suspected CloudFlare, but after some tests I have ruled it out.

Any suggestions?

Thank you so much!
Reply
  • Offline ozornick
    Antispam Moderator
  • ******
  • Posts: 561
    Threads: 29
    Joined: Jul 2022
    Reputation: 28
#2
04-19-2024, 10:28 PM

Yes, probably. 1. The token expires while the user is viewing the page. 2. The user opened two pages and the token was overwritten 3. Problems with the session or cookies.
Simple CI 4 project for beginners codeigniter-expenses ( topic )
Reply
  • Offline z72diego
    Newbie
  • *
  • Posts: 3
    Threads: 1
    Joined: Apr 2024
    Reputation: 0
#3
04-20-2024, 11:29 AM
(This post was last modified: 04-20-2024, 04:09 PM by z72diego.)

Thanks for your reply!

What information could I give you to get closer to the fix?

The error happens very frequently. I doubt the problem is that the token is expiring. I would rule it out. I'm leaning more towards a session or cookie issue. Since by testing with different pages open, it is not possible to reproduce the error either.

CodeIgniter Version: 3.0.0
PHP Version: 7.4.33

These are my CSRF settings:

PHP Code:
$config['csrf_token_name'] = 'token';
$config['csrf_cookie_name'] = 'token';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = FALSE;
$config['csrf_exclude_uris'] = array(); 

Maybe this information will help. It is not directly related to the error 403 but maybe it is.

In the script I use some cron tasks, which I call from the scheduled tasks of the Plesk panel.

Every time they run, they produce this error in the log:

ERROR - 2024-04-20 19:59:03 --> Severity: Warning --> ini_set(): A session is active. You cannot change the session module's ini settings at this time /var/www/vhosts/mydomain/httpdocs/app/core/system/libraries/Session/Session_driver.php 188

Session config:

PHP Code:
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'general_sessions';
$config['sess_expiration'] = 86400;
$config['sess_save_path'] = 'general_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 86400;
$config['sess_regenerate_destroy'] = FALSE
Reply




Theme © iAndrew 2016 - Forum software by © MyBB