
Why do I see WebAdmin log entries about a cross-site request forgery? What does that mean?

Cross-Site Request Forgery Notifications

Most of the time, these entries are caused by session timeouts, and they appear only if you have enabled CSRF Detection in our WebAdmin Settings.

Cross-Site Request Forgery (CSRF or XSRF) is a form of attack that forces an end user to execute unwanted actions on a web application. You can find more information here (external link).

This error occurs when a user types a WebAdmin URL directly into the browser address bar, or tries to log in after the session has timed out. The error message appears in the WebAdmin Log as shown below.



If WebAdmin CSRF Detection is disabled, these errors will not appear in the logs. To enable or disable WebAdmin CSRF Detection, go to System Tools > System Configuration > WebAdmin Settings and scroll down to WebAdmin Login Settings. If "WebAdmin CSRF Detection Disabled" is selected, detection is disabled.
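Why a typed URL or a timed-out session can look like a forgery, as an added example that is not part of the original article and not the product's code. It assumes a session-bound synchronizer token, which the article does not specify; all names, the timeout value and the log strings are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Illustrative model only: the article does not say how WebAdmin detects CSRF.
# Assumed here: a synchronizer token bound to the server-side session.
SERVER_KEY = secrets.token_bytes(32)
SESSION_TTL = 900  # seconds; constructed value
sessions = {}      # session_id -> expiry timestamp


def _token_for(sid):
    """Derive the CSRF token that pages of this session embed in links/forms."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def login(now):
    """Create a session and return (session_id, csrf_token)."""
    sid = secrets.token_hex(16)
    sessions[sid] = now + SESSION_TTL
    return sid, _token_for(sid)


def check_request(sid, token, now):
    """Return 'ok' or the reason the request would be logged as CSRF."""
    expiry = sessions.get(sid)
    if expiry is None or now >= expiry:
        sessions.pop(sid, None)  # expired session: any token it held is void
        return "csrf: no live session (timed out)"
    if token is None:
        # A URL typed by hand carries no token, exactly like a forged link.
        return "csrf: token missing (URL typed directly)"
    if not hmac.compare_digest(token, _token_for(sid)):
        return "csrf: token mismatch"
    return "ok"


def demo():
    t0 = 1_000_000  # constructed clock value
    sid, tok = login(t0)
    return {
        "normal click": check_request(sid, tok, t0 + 60),
        "typed URL": check_request(sid, None, t0 + 120),
        "forged token": check_request(sid, "0" * 64, t0 + 180),
        "after timeout": check_request(sid, tok, t0 + SESSION_TTL + 1),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} -> {result}")
```

In this model the server cannot distinguish a hand-typed URL or a stale session from a forged request, which is why the benign cases described above produce the same log entry.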


