
CSRF attack recognized

15 years 6 months ago #94262 by slabbi
Replied by slabbi on topic Re:CSRF attack recognized
OK, I'll try to explain why and when this message appears:

In simple words a CSRF attack means that someone else uses your form in order to execute commands in your context without your knowledge.

en.wikipedia.org/wiki/Cross-site_request_forgery

To prevent this the web app (here uddeIM) creates a random number that is delivered within the form. Only the correct user can fill in the form and send it back, a different user with the wrong number will raise a "CSRF attack" error.

The problem is that when a user uses the back button the session which stores the number on server side is also destroyed, so that uddeIM cannot verify the correctness of the number and raises the error. Also when a user does not allow cookies or uses a web washer, this error may appear.

Since I have not heard of a uddeIM site being used for a CSRF attack before, it is OK to switch the protection off. I added it because of a request from a very major site which could be used for such an attack.

uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer
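The token mechanism slabbi describes, replayed as an added example (not uddeIM's code; `write_csrf`/`check_csrf` are hypothetical stand-ins for uddeIMwriteCSRF()/uddeIMcheckCSRF(), and the in-memory session store is constructed for the demo). It shows why a submission from another session is rejected, and why a destroyed session produces the same "CSRF attack" error even for the legitimate user:

```python
import hmac
import secrets

# Constructed in-memory stand-in for the server-side session store
# (in uddeIM/Joomla this would be the PHP session).
SESSION_STORE = {}

def write_csrf(session_id):
    """Hypothetical analogue of uddeIMwriteCSRF(): mint a random token,
    remember it in the user's session and return it for the hidden form field."""
    token = secrets.token_hex(16)
    SESSION_STORE.setdefault(session_id, {})["csrf"] = token
    return token

def check_csrf(session_id, submitted):
    """Hypothetical analogue of uddeIMcheckCSRF(): returns 'ok', 'no_session'
    (token vanished server-side: destroyed/expired session, blocked cookies)
    or 'mismatch' (token belongs to another session, i.e. a forged request)."""
    session = SESSION_STORE.get(session_id)
    if not session or "csrf" not in session:
        return "no_session"
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(session["csrf"], submitted or ""):
        return "mismatch"
    return "ok"

def destroy_session(session_id):
    """Simulates the session being lost (the back-button / no-cookies case)."""
    SESSION_STORE.pop(session_id, None)

def scenarios():
    """Replay the three situations described in the thread."""
    results = {}
    # 1. Normal flow: form rendered and submitted within the same session.
    tok = write_csrf("sess-A")
    results["same_session"] = check_csrf("sess-A", tok)
    # 2. Forged request: a token minted for session B is sent against session A.
    other = write_csrf("sess-B")
    results["forged"] = check_csrf("sess-A", other)
    # 3. Session destroyed between rendering and submitting the form.
    destroy_session("sess-A")
    results["session_lost"] = check_csrf("sess-A", tok)
    return results

if __name__ == "__main__":
    print(scenarios())
```

Distinguishing `no_session` from `mismatch` lets a site log the genuinely suspicious case separately instead of treating every lost session as an attack.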


13 years 3 months ago #170108 by 01globalnet
Replied by 01globalnet on topic Re:CSRF attack recognized - inside component loade
Hi!

Found this post via Google... uddeim donator here. A quick question:

We had enabled CSRF control, and it worked OK. But when we included the form in component loader ( extensions.joomla.org/extensions/core-enhancements/embed-a-include/10721 ) the error appears (special situation, we had to include the form outside the normal layout).

Is there a non-hack way to disable CSRF for that situation?
( otherwise I can touch the code in uddeIMwriteCSRF() / uddeIMcheckCSRF() for this situation ).

Thank you!


13 years 3 months ago #170115 by slabbi
Sure, you can disable this in uddeIM backend (system tab).



Powered by Kunena Forum