Project

General

Profile

Bug #7625

User unable to register - gets "Forbidden" message

Added by scott voth over 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
-
Category name:
Registration
Target version:
Start date:
2017-02-05
Due date:
% Done:

0%

Estimated time:

Description

Hi - This is an issue coming from Zendesk. User is trying to register for the Commons and is getting "Forbidden" message. See attached. She is using a cell phone.

forbidden.png (42.8 KB) forbidden.png scott voth, 2017-02-05 01:17 PM

History

#1 Updated by Boone Gorges over 2 years ago

  • Status changed from New to Reporter Feedback

Hi Scott - Thanks for the report. Did the user provide any information about exactly how the error was arrived at? Specifically, how did the user first get to the Register page? The Forbidden message is a spam-prevention tool that should only be triggered when the registration form is submitted without first visiting another page on the Commons; is it possible that the user navigated directly to https://commons.gc.cuny.edu/register/ without first visiting another page? (If this is in fact what happened, I still consider it a bug, but knowing one way or the other will help narrow down where to start looking.)

Additionally, it'd be helpful to know whether the user has any non-default settings in the device's browser. Specifically, any settings that prevent the browser from accepting cookies from the Commons have the potential to cause an error like this.

#2 Updated by scott voth over 2 years ago

Hi Boone - When she first reported the issue I sent her the direct link - so she probably did not visit another Commons page. But on the initial time, she access it via main page. I have asked about her brower settings.

#3 Updated by Boone Gorges over 2 years ago

Thanks, Scott. Let me know what you hear back.

For my own notes: our cookie-based blocking technique doesn't block only POST, but any visit to /register/ that doesn't contain the proper cookie. Perhaps this should be revisited, since the initial GET request would set the cookie on a normal visit.

#4 Updated by Boone Gorges over 2 years ago

  • Target version set to Not tracked

Hi Scott - Did you ever hear back from this user?

I'm a bit concerned that this issue pops up more frequently than we hear about, because users who run into the problem simply give up and walk away. I'm going to loosen the restriction, so that only POST requests are blocked. https://github.com/cuny-academic-commons/cac/commit/f32c1f7f0f0b30b3db5a997c2d45be87cd60e3f4

#5 Updated by Boone Gorges almost 2 years ago

  • Status changed from Reporter Feedback to Resolved

Haven't heard back, so I'm assuming it's not a huge issue anymore.

Also available in: Atom PDF