[Koha-bugs] [Bug 18975] New: Wrong CSRF token when emailing cart contents

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18975

            Bug ID: 18975
           Summary: Wrong CSRF token when emailing cart contents
 Change sponsored?: ---
           Product: Koha
           Version: 16.11
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: OPAC
          Assignee: oleonard at myacpl.org
          Reporter: bc at interleaf.ie
        QA Contact: testopia at bugs.koha-community.org

When you are not logged into the OPAC and attempt to email the contents of your
cart you get the following error : "Wrong CSRF token at
/usr/share/koha/opac/cgi-bin/opac/opac-sendbasket.pl line 55"

Some testing shows:

If you log in before adding items to your cart then send it, it works. If
you're not logged in and you log in as part of sending the basket, the error
occurs

It must be that authenticating in that window doesn't set the session and id /
secret aren't being set before submitting
If you aren't logged in, click send the basket and log in, refresh the page
before sending, then send, it forces it to pick up the session and works

-- 
You are receiving this mail because:
You are watching all bug changes.