Hi,
every now and then I get the error message "invalid session hash" when commenting in my own blog.
After resending the comment gets through is displayed.
Any idea what might be the reason?
Thanks
Dirk
Invalid Session Hash ...
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Invalid Session Hash ...
Hi!
If you have enabled the setting "CSRF-Protection / Cookie hash" (or something like that) in your antispam plugin, then you need a valid session cookie before you comment. If you jump right to a page, without having been to the overview page or something else before, you do not have that hash.
It's a protection against people that come to your site directly and enter their spam. You can disable that, if you like.
Regards,
Garvin
If you have enabled the setting "CSRF-Protection / Cookie hash" (or something like that) in your antispam plugin, then you need a valid session cookie before you comment. If you jump right to a page, without having been to the overview page or something else before, you do not have that hash.
It's a protection against people that come to your site directly and enter their spam. You can disable that, if you like.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
-
Lux
- Regular
- Posts: 764
- Joined: Fri Aug 12, 2005 4:36 pm
- Location: Grüt, Zürich, Switzerland
- Contact:
Re: Invalid Session Hash ...
Hi Garvin,
Unfortunately that hits also myself, even if I logged in.
How can I find out how many spams were found by that rule? (Which is thesearch criteria for the spamblocklog table?)
Thanks for your support
Dirl
that is exactly the point ...garvinhicking wrote:If you have enabled the setting "CSRF-Protection / Cookie hash" (or something like that) in your antispam plugin, then you need a valid session cookie before you comment. If you jump right to a page, without having been to the overview page or something else before, you do not have that hash.
Unfortunately that hits also myself, even if I logged in.
How can I find out how many spams were found by that rule? (Which is thesearch criteria for the spamblocklog table?)
Thanks for your support
Dirl
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Invalid Session Hash ...
Hi!
If you enabled spamblock logging, you can find it in the logfile or log-database.
I don't know for the exact criteria; try to make a comment when you load a URL without cookies (like from your RSS reader directly to the page) and then look for the most recent entry?
HTH,
Garvin
If you enabled spamblock logging, you can find it in the logfile or log-database.
I don't know for the exact criteria; try to make a comment when you load a URL without cookies (like from your RSS reader directly to the page) and then look for the most recent entry?
HTH,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
-
Lux
- Regular
- Posts: 764
- Joined: Fri Aug 12, 2005 4:36 pm
- Location: Grüt, Zürich, Switzerland
- Contact:
Re: Invalid Session Hash ...
That is too easy.garvinhicking wrote:I don't know for the exact criteria; try to make a comment when you load a URL without cookies (like from your RSS reader directly to the page) and then look for the most recent entry?
Thank you
Dirk