
error posting on an add on discussion

edited February 2009 in Vanilla 1.0 Help
I tried to post a question in the reply window at the end of the discussion on the YUI Editor add on page and got the following error..

Some problems were encountered
There was a problem authenticating your post information.

What kind of problems would that be? Are these discussions that are tacked on the end of Add Ons info pages 'not valid' or something?

Comments

  • That usually means your session expired and/or another one was established. It's an anti-spam mechanism.
  • It is not an unexpected error. It is a CSRF protection added in Vanilla 1.1.x. Like Wallphone said, the CSRF vulnerability in Vanilla 1 could have been used for SPAM. The same vulnerability could have been used to change any setting permission or personal preference. Any action in Vanilla can trigger this error.

    If it hadn't been an afterthought, these errors could have been better handled; it doesn't need to be an error message but a request for confirmation.

    Also, at the time the fix was applied, most articles talking about CSRF protection advocated saving a key in the session and adding the key to the form to check that the request was legitimate. However, the key can be saved in a cookie (only your website can set the key), which might be better than relying on the session.

    I am sure Vanilla 2 will better handle CSRF protection.
  • edited February 2009
    I don't think I was logged out, as I came immediately back here and posted the problem without logging in.. I haven't been asked to log in since I registered here.. So evidently, the cookie is stored on my machine..

    Are the discussions on the add-ons page on a separate server? If so, where do I go to log on to that server? Will I need to register again? Or will my username and password from here be sufficient? Because it already shows me as 'logged in' at the top of the page...

    Or am I misunderstanding something?
  • You have the "remember me" option on. So when your session timed out, you lost your session data (the key to check that the form is valid is saved in the session data) and Vanilla cannot validate the form. However, Vanilla still logged you in with your "remember-me" cookie.

    You just had to click on the "add your comments" button again.
  • Ahh.. Okay I gotcha (I think.. :-))

    Any idea what to do about my problem with the YUI editor missing the default.php file as I posted in the PULLING MY HAIR OUT discussion? Are these files interchangeable, or custom for each add on?
  • Sorry, I don't know much about this addon.
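
The failure described in the replies above, as an added example that is not part of the thread and is not Vanilla's code: a Python model comparing a CSRF key kept in session data with one kept in a cookie, once the session has expired but the "remember me" login persists. It goes slightly beyond the thread by signing the cookie key with a server secret; `SessionStore`, `SERVER_KEY`, the function names and the ids are all hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-site secret


class SessionStore:
    """Constructed in-memory stand-in for server-side session data."""
    def __init__(self):
        self.data = {}

    def expire(self, sid):
        self.data.pop(sid, None)


def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare


def _mac(user_id, nonce):
    msg = f"{user_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_session_token(store, sid):
    token = secrets.token_hex(16)
    store.data.setdefault(sid, {})["csrf"] = token  # key lives in the session
    return token


def check_session_token(store, sid, form_token):
    expected = store.data.get(sid, {}).get("csrf")
    return expected is not None and _same(expected, form_token)


def issue_cookie_token(user_id):
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(user_id, nonce)}"  # sent as cookie and as form field


def check_cookie_token(user_id, cookie_token, form_token):
    if not cookie_token or not _same(cookie_token, form_token):
        return False  # a cross-site request cannot read the cookie to copy it
    nonce, _, mac = cookie_token.partition(".")
    return _same(mac, _mac(user_id, nonce))  # key must be bound to this user


def simulate_expired_session():
    store, sid, user = SessionStore(), "sid-1", "user-42"  # constructed values
    session_form = issue_session_token(store, sid)
    cookie = cookie_form = issue_cookie_token(user)
    store.expire(sid)  # session times out; remember-me keeps the login alive
    return (check_session_token(store, sid, session_form),
            check_cookie_token(user, cookie, cookie_form))
```

The first result is the "problem authenticating your post information" case from the thread; the second shows the cookie-held key still validating after the same timeout.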