Issues with Limesurvey and LTI

Hi all,

We are using Limesurvey Community Edition to implement surveys inside courses using the LTI 1.1 plugin.

It’s working pretty well. However, in a few random cases, it fails giving an error 400: Bad Request Bad Request; The CSRF token could not be verified; The request coult not be understood by the surver due to malformed syntax.

It’s been reported before, as there are many reasons why this could happen. In some cases, refreshing the page fixes the problem. But some users keep having the same issue even from different devices.

Has anybody here faced the same problem?

Did you see

If you have recieved a “CSRF Token” error in LimeSurvey you may need to set “LTI Launch Target” to “New Window” in OpenEdX to overcome this.

I work a lot with PHP and had a fast look at the code, LimeSurvey is based on a prehistoric version of Yii, saw some rather complex / cryptic way to handle CSRF, using cookies. In modern browsers like Chrome a lot has been changed regarding to cookies, maybe the problem is hiding there somewhere.

1 Like