1. Visiting from the US? Why not try DIYnot.US instead? Click here to continue to DIYnot.US.
    Dismiss Notice

Security error..

Discussion in 'Forum Information' started by cjard, 6 Jan 2018.

  1. cjard

    Joined:
    6 Sep 2008
    Messages:
    2,325
    Thanks Received:
    248
    Country:
    United Kingdom
    I noted recently a difficulty with posting from an iPad; I'd written the post, then had to go away and do something. Returned and submitted, only to be asked to log in again. After logging in, I was taken to a "security error" page and advised to hit back, refresh, and try again. Hitting back returned me to the topic, but no saved draft of my post from the server side / no pre-population of the text box by safari, effectively losing what I'd written

    Safari still has the content, as if I hit forward to return to the security error page, and then refresh I'm asked if I want to submit the form again. Submitting it again simply reproduces the security error, perhaps because the browser is submitting an expired security token with the form data.
    I could possibly recover the data by setting up an http debugging proxy on another machine and setting the iPad proxy settings, then resubmitting the form through the proxy and capturing the content.. But it's a considerable faff and quite the preserve of a tech savvy person..

    Could you please consider one of the following:

    - On the security error page, parrot a text box containing the post text the user was trying to submit, with an advice for them to copy it, go back, refresh and resubmit it if they want to
    - Take the submitted text and write it into the auto save draft for that thread, if possible
    - Turn off/bypass whatever security mechanism gives rise to a security error in the case of "logged out while writing, so asked to log back in during submit" - really the process should just ask for a login and make the posting once the user authenticates, even if the browser passed an old security token (if that's the mechanism - perhaps keep a list of the most recent 3 tokens, and if submit-that-demanded-login is using one of them, just post the content)
     
Loading...

Share This Page