Jump to content

Disable back office token


Recommended Posts

There's a way to disable back office token?

I often keep several tabs of the browser opened with back office pages, the problem it's that after a while when reopening these tabs Prestashop show message: "Invalid token: direct access to this link may lead to a potential security breach", so I have to reload all these pages again.

This happens on PS1.7.7 (PHP7.3) while on the previous PS version I was using PS1.7.4 (PHP7.1) this didn't happen.
So I'm wondering if there's a way to avoid this.

  • Like 1
Link to comment
Share on other sites

  • 10 months later...
  • 11 months later...
  • 6 months later...

I was running this solution for month, it was nice, but this morning (24/1/24) the backoffice is in error 504...
Removed the Apache .htaccess instruction and it work again...

#SetEnv _TOKEN_ disabled

Anybody have solution to remove the token again ?

Prestashop log

*ERROR*     v1.7.8.11    2024/01/24 - 09:18:30: Token is not defined ! at line 229 in file modules/ps_metrics/src/Helper/PrestaShopHelper.php

Apache log :

2024-01-23 17:14:39Error217.30.10.68[client 217.30.10.68] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.officedental.fr"] [uri "/.env"] [unique_id "Za-l74e3vi0HlsyAzJfW9gAAANg"]

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...