Fri, 10 Apr 2026 04:00:03 +0000 https://bugs.horde.org/ticket/7669 Clarify that actions prevented by CSRF tokens can be retried The default value for $conf['server']['token_lifetime'] is 1800. The problem with it is that when I'm typing a long email, that takes more than half an hour, then I can't send it, I get the following error: This request cannot be completed because the link you followed or the form you submitted was only valid for 30 minutes It is of course very annoying, since there is no apparent way to refresh this vaue automatically from the composition window. At this point, luckily, I can still save it as a draft, then reopen it and send it. Having an automatic refresher would be much more convenient, though. Workaround is to increase the value of token_lifetime. Wed, 12 Nov 2008 10:41:47 +0000 https://bugs.horde.org/ticket/7669#t50682 You can just send the message again on the reloaded screen. And this is a CSRF protection; what exactly about that do you consider a bug? Wed, 12 Nov 2008 13:39:12 +0000 https://bugs.horde.org/ticket/7669#t50689 Duh, sorry! I had the message several times, and I didn't think even *once* to retry sending it, only saving it to Drafts. I guess it's an automatic reaction acquired when TB has issues sending email. Of course I understand the security issue at stake here, not suggesting to remove the option, only to make its behaviour easier to understand. So to deal with dumb types like me, I would suggest adding something like this to the error message: "You can retry the action now" Sorry for that, thank you for your help. Wed, 12 Nov 2008 22:40:20 +0000 https://bugs.horde.org/ticket/7669#t50709 We should tweak the message. Thu, 13 Nov 2008 03:20:43 +0000 https://bugs.horde.org/ticket/7669#t50716 Changes have been made in CVS for this ticket: http://cvs.horde.org/diff.php/framework/Horde/Horde.php?r1=1.695&r2=1.696&ty=u http://cvs.horde.org/diff.php/imp/lib/IMP.php?r1=1.732&r2=1.733&ty=u Sat, 22 Nov 2008 04:01:39 +0000 https://bugs.horde.org/ticket/7669#t50910 Done. Sat, 22 Nov 2008 04:01:58 +0000 https://bugs.horde.org/ticket/7669#t50911 There is one more case where this feature needs improvement. When our users click "Log Out" after idling for > 30 minutes, they receive an unstyled white page with only the following text: "This request cannot be completed because the link you followed or the form you submitted was only valid for 30 minutes." There is no indication that the action can be retried. Indeed, it looks like a server error to many users because it is just text on an otherwise blank page. Worse, they may be misled into thinking that they have logged out. Mon, 08 Dec 2008 22:53:54 +0000 https://bugs.horde.org/ticket/7669#t51161 Changes have been made in Git for this ticket: Bug #7669: On invalid token during logout, redirect to initial page http://git.horde.org/diff.php/horde/docs/CHANGES?rt=horde-git&r1=fb4e3b7bec566917e72775db5e6233ac19738b01&r2=7c61bc0e09925169c1f4007253abbde4281bd98d http://git.horde.org/diff.php/horde/login.php?rt=horde-git&r1=d60db49628a9da0689acf915dd40e2ead2005f3d&r2=7c61bc0e09925169c1f4007253abbde4281bd98d Wed, 11 Aug 2010 05:36:19 +0000 https://bugs.horde.org/ticket/7669#t59590 Changes have been made in CVS for this ticket: Bug: 7669 On invalid token during logout, redirect to initial page Merge from git: 7c61bc0e09925169c1f4007253abbde4281bd98d http://cvs.horde.org/diff.php/horde/docs/CHANGES?rt=horde&r1=1.515.2.612&r2=1.515.2.613&ty=u http://cvs.horde.org/diff.php/horde/login.php?rt=horde&r1=2.175.2.17&r2=2.175.2.18&ty=u Wed, 11 Aug 2010 05:40:31 +0000 https://bugs.horde.org/ticket/7669#t59591 Fixed in Horde 3.3.9. Wed, 11 Aug 2010 05:41:15 +0000 https://bugs.horde.org/ticket/7669#t59592