Correct me if I'm wrong but I think secure form works like this: User visits form page, which does two things before returning the form. One is it sets a session variable to some key, and two is it sets a hidden form field to that same key. When the form is submitted the hidden key is also submitted and compared with the key set in the session. If they match the form is processed and if they don't match you get a cross-site forgery error. Anyway, the bottom line is that these keys are not matching for you which is why you're getting the error. My guess is that the hidden form field key is getting set just fine since the form works in all your other browsers. The problem is likely with the session. Are you sure the session is working properly on this machine? Check whether the browser has cookies enabled since this will impact session functionality.
-Michael On Mar 18, 12:18 am, ian <[email protected]> wrote: > Hello all > > I have a ie6 user for whom all secure forms are throwing cross-site > forgery errors. > > It's only one user, and none of our other test machines have this > problem. I can't recreate it in any browser, and no one else has the > problem. > So I'd be tempted to blame the flaky setup of this very old machine. > > The thing is I have just been in that area because I recently put a > specific error page in. So I probably duffed it up somewhere. > > I've tried a lot already and the last thing I can think of doing is > logging every little thing and asking the user to try again... > > I just want to ask has anyone had a problem like this before? -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
