Issues with Limesurvey and LTI

Andres.Aulasneo · October 11, 2022, 6:03pm

Hi all,

We are using Limesurvey Community Edition to implement surveys inside courses using the LTI 1.1 plugin.

It’s working pretty well. However, in a few random cases, it fails giving an error 400: Bad Request Bad Request; The CSRF token could not be verified; The request coult not be understood by the surver due to malformed syntax.

It’s been reported before, as there are many reasons why this could happen. In some cases, refreshing the page fixes the problem. But some users keep having the same issue even from different devices.

Has anybody here faced the same problem?

insad · October 12, 2022, 12:03am

Did you see

If you have recieved a “CSRF Token” error in LimeSurvey you may need to set “LTI Launch Target” to “New Window” in OpenEdX to overcome this.

I work a lot with PHP and had a fast look at the code, LimeSurvey is based on a prehistoric version of Yii, saw some rather complex / cryptic way to handle CSRF, using cookies. In modern browsers like Chrome a lot has been changed regarding to cookies, maybe the problem is hiding there somewhere.

Topic		Replies	Views
LTI with Google Chrome (iframe), Juniper and HTTPS via Nginx Site Operations Help	2	741	September 3, 2020
LTI 1.3 Deep Linking Integration with UbiCast – 404 Error Despite Correct Session/Cookie Setup Site Operations Help api , how-to , devstack , tutor , lti	1	110	June 25, 2025
LTI XBlock and SameSite Development	18	4498	February 8, 2023
LTI and juniper Site Operators juniper	4	1140	April 9, 2020
JUNIPER.MASTER - Fresh Install: Forbidden (CSRF cookie not set.): /change_enrollment Site Operations Help	11	3712	September 3, 2020

Issues with Limesurvey and LTI

Related topics