Hello,

I added a search engine to my client's website, and for each search, it updates the URL string with the variables and keywords being used.
Which is perfect.

The thing is, if I make a search, copy the full URL (to get back to that exact same search page result), and paste it with another browser, it will not work, and will show the:

Security tokens do not tally for executing this action. Please try again.

Error message.

From what I have read, it's related to cache or cookie. Is that right?
If I try to directly access that search query URL, from the same browser that I have just used to make the search, it will work.
But not from a different browser. And other people won't be able to directly access the page.

How can I fix this?
I need to make it work. If more information is needed to troubleshoot my issue, please let me know.

Here's the search query that appears in the URL:

Code:
?nomsujet=Gestion+du+changement&k_hid_category=category&k_nonce=2637129fe8d70126cc960237c9e1ffcb&nc=1


Thanks a lot for the support.
Suppose the action was deleting the latest post - do you think passing on that URL to anybody else should result in the same action getting executed if she visits the URL? Of course not. That is why we add a security token to the URL. Doing so makes the URL specifically tied down to a particular user and an action, i.e. it becomes null and void for everybody else who gets the message you referred to (using a different browser will also count as accessing as a different user).

My point being - we add security tokens only to actions that we expressly do not wish to be replicated by others by simply following the same URL. Most of the actions that take place within the admin-panel (create, delete, update) fall under this category. Clearly what you are trying to do is not.

So, as the solution, you should remove the token (nonce) from your form as it is not pertinent to the use-case.

Hope the reply helps.
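
A minimal sketch of the behaviour described in the reply above, added here as an illustration and not CouchCMS's own code. It assumes the token is an HMAC over the visitor's session ID and the action name; the key, helper names and session values are hypothetical, and only `k_nonce` and `nomsujet` come from the thread.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Hypothetical server-side secret; this is not CouchCMS's actual scheme.
SERVER_KEY = secrets.token_bytes(32)


def make_nonce(session_id, action):
    """Derive a token bound to one session and one action."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def build_url(params, session_id=None, action=None):
    """Build a query string; add k_nonce only when the form is protected."""
    query = dict(params)
    if session_id is not None:
        query["k_nonce"] = make_nonce(session_id, action)
    return "?" + urlencode(query)


def handle(url, session_id, action, protected):
    """Process a request that arrives with the visitor's own session."""
    query = parse_qs(url.lstrip("?"))
    if protected:
        sent = query.get("k_nonce", [""])[0]
        expected = make_nonce(session_id, action)
        # Constant-time comparison of the submitted and expected tokens.
        if not hmac.compare_digest(sent.encode(), expected.encode()):
            return "Security tokens do not tally for executing this action."
    return "OK: " + query.get("nomsujet", [""])[0]


# Constructed sessions: two browsers hold two different session cookies.
BROWSER_A, BROWSER_B = "session-aaaa", "session-bbbb"
SEARCH = {"nomsujet": "Gestion du changement"}

# Protected form (token added): the URL only works in the browser that made it.
protected_url = build_url(SEARCH, BROWSER_A, "search")
# Regular form (no token): shareable, which suits a read-only search.
plain_url = build_url(SEARCH)

if __name__ == "__main__":
    print(handle(protected_url, BROWSER_A, "search", True))
    print(handle(protected_url, BROWSER_B, "search", True))
    print(handle(plain_url, BROWSER_B, "search", False))
```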
Thanks for the explanation KK.

Can you guide me on how to remove the Token (nonce) from my form?
Here's the code I'm using:

Code:
<cms:form anchor='0' id="sujet-form" name="category" class="search-form-sujet" mode="create" masterpage="search.php" action="<cms:link 'liste-des-conferenciers.php' />" enctype='multipart/form-data'>
    <cms:if k_success >
        <cms:if frm_nomsujet!='-' >
            <cms:set my_search_str="<cms:show frm_nomsujet />" scope='global'/>
        </cms:if>
    </cms:if>

    <cms:input type='dropdown' id="NomSujet" onchange="this.form.submit()" name="nomsujet" data-name="NomSujet" class="w-select search-fields"
        opt_values='Sujets...=- | Motivation | Health | Teamwork'
    />
</cms:form>


Is it related to the "my_search_str" variable?
Thanks a lot!
I see that your <cms:form> contains the following params -
Code:
mode="create" masterpage="search.php"

Using the 'masterpage' param makes the form a DBF (DataBound Form) where Couch expects that you'd eventually edit/create/modify a backend template (exactly like what we do from the admin-panel) and so it automatically adds a security token to it.

In the rest of your code, however, I do not see any indication that you are trying to do that. Perhaps it is a carry-over from a copy/paste job of some previous code?

Anyway, what you require is a regular form so please remove the two attributes I mentioned above and that should get rid of the token.

Hope this helps.
Thank you very much!
It's working now. Have a great day!
You are welcome :)