Page 1 of 2

Invalid Token on Login Screen

Posted: Fri Jan 11, 2008 12:55 pm
by StarShaper
I've already read the Sticky of masterchief.
Due to a recent security fix, some problems may be introduced with existing 1.5 sites.  The know issues are as follows:

Invalid Token page displays when trying to login

Older 1.5 templates, 1.0 templates working in legacy mode, or those using customer login code or using layout overrides will experience this problem.
I'm getting this error with Firefox 2 on the Backend. The Backend Template is the original Joomla 1.5 Template. This can't be the reason for this error.

But whats then the reason?  ???

NOTE:  Message Icon changed to Solved

Re: Invalid Token on Login Screen

Posted: Fri Jan 11, 2008 2:11 pm
by 3wP
what svn?
templates/ 9876 6 days eddieajau Fixed missing token in offline page
could be this 1...

http://joomlacode.org/gf/project/joomla ... threv=9876

Re: Invalid Token on Login Screen

Posted: Fri Jan 11, 2008 3:47 pm
by StarShaper
3wP wrote: what svn?
Always the newest. (9922)

After awhile the message was gone. Now it works.

It seems to me that this bug appears from time to time.

Re: Invalid Token on Login Screen

Posted: Fri Jan 11, 2008 4:05 pm
by 3wP
please report if it appears again - mark the topic solved if it's gone for good...

and sry on the svn part dude :)

i knew that if i'd just used my "top block memory" and thought of the info in the other post i replied to lol

Re: Invalid Token on Login Screen

Posted: Fri Jan 11, 2008 5:44 pm
by AmyStephen
StarShaper -

Did you get this error after timing out? And, relogging in?

Did you get this error immediately after applying new SVN contents?

I also got this error on the Administrator logon last night. But, I was testing with this code - and modifying it - so, I assumed it was related to that (and it likely was.)

Could you share a bit more on what you were doing when it happened. And, also, maybe you and 3wp, too, could try to create a timeout situation to see if you can recreate the problem.

As you both know, Andrew added this code for important security fixes recently discovered, so, we do need to be very diligent in taking seriously any reports of errors in this area. It's really new code and really complicated work.

Thanks!
Amy :)

Re: Invalid Token on Login Screen

Posted: Fri Jan 11, 2008 10:44 pm
by 3wP
I have had a lot of of timeouts today (working yep ;) )

no problem with invalid token at any stage.

I am really aware of this issue, and take it seriously, + i will certainly report any circumstance if i get a new prob with it. :)

Hard to say if it's still an issue as long as it is not appearing anymore at my end...

Re: Invalid Token on Login Screen

Posted: Fri Jan 11, 2008 11:01 pm
by StarShaper
Of course, I will provide any information I have. But there is no much stuff to say. I was tryin to do a normal login when it appeared.

After approximately 5 minutes I tried it again and it worked.

Re: Invalid Token on Login Screen

Posted: Sun Jan 13, 2008 10:54 pm
by mcsmom
StarShaper,

What php version are you on?

Re: Invalid Token on Login Screen

Posted: Mon Jan 14, 2008 12:37 am
by ircmaxell
Also, could you update to the latest build (9939)?

Re: Invalid Token on Login Screen

Posted: Mon Jan 14, 2008 9:58 am
by 3wP
Hi

an update from me as well me to regarding the php version i am on - refering to:

http://groups.google.com/group/joomla-d ... 23d49f2496
.....we were able to
reproduce it on php 5.2.2 and 5.2.3
I am on 5.1.4

= no warnings/errors on at the moment, at any stage where i have tried to reproduce it...

AND: I checked another post where starshaper posted his system info. his php version was 5.2.5 i believe..

http://forum.joomla.org/index.php/topic ... msg1152087

Re: Invalid Token on Login Screen

Posted: Mon Jan 14, 2008 6:16 pm
by latino
Hi:

I am having this invalid token problem too. First was fixed with the patch provided by Andrew at this post:
http://joomlacode.org/gf/project/joomla ... threv=9876

But it is happening NOW when user make a type a wrong password.  Please HELP as this is a really bad. I am using svn 9940, PHP 5.2.5 and Apache 2.2.6, RHEL 4. Using RT mediamogul template.

Later

???

Re: Invalid Token on Login Screen

Posted: Mon Jan 14, 2008 7:36 pm
by mcsmom
Not great, but if you do an f5 and empty your browser sessions you should be able to get back in. Also you could close your browser and open again.

Re: Invalid Token on Login Screen

Posted: Tue Jan 15, 2008 1:53 am
by AmyStephen
Also - for those who have this problem, please provide your system information, like Latino did.

The developers are well aware of this problem and it is getting *the* focus right now.

As Elin has indicated, closing your browser - or refreshing your screen - can remedy the problem while waiting for a real fix.

Re: Invalid Token on Login Screen

Posted: Wed Jan 16, 2008 4:44 pm
by ircmaxell
NOTE TO ALL!  A fix has been incorporated into the latest SVN (make sure you're using http://joomlacode.org/svn/development/releases/1.5/) for this and other major session bugs.  Please update and retest!

Re: Invalid Token on Login Screen

Posted: Thu Jan 17, 2008 2:03 am
by mcsmom
StarShaper,

If your issue is resolved, can you please change the icon on the first message?

Thanks

Re: Invalid Token on Login Screen

Posted: Tue Feb 05, 2008 9:02 pm
by jchris
disregard

Re: Invalid Token on Login Screen

Posted: Thu Mar 20, 2008 5:29 am
by warthogweb
This problem occurs both with 1.0 and 1.5 but, in normal usage, always with FF2, Opera, NS7 and never with IE6 and Safari for PC. It seems to be more a browser problem than a PHP problem. As others have noted, the problem is random, mysteriously correcting itself for a while.

I have cleared all private info from FF, rebooted, reloaded and cleared the session table with no success.

Has anyone yet developed a surefire fix for this thing?

Martin

Re: Invalid Token on Login Screen

Posted: Thu Mar 20, 2008 6:20 pm
by ircmaxell
warthogweb wrote:This problem occurs both with 1.0 and 1.5 but, in normal usage, always with FF2, Opera, NS7 and never with IE6 and Safari for PC. It seems to be more a browser problem than a PHP problem. As others have noted, the problem is random, mysteriously correcting itself for a while.

I have cleared all private info from FF, rebooted, reloaded and cleared the session table with no success.

Has anyone yet developed a surefire fix for this thing?

Martin
Ummm... this issue has been fixed for a while... Do you have a site I could visit (you can PM if you feel comfortable)?

Re: Invalid Token on Login Screen

Posted: Sat Mar 22, 2008 10:46 pm
by tenaki
Hi I am getting this as well.

I am running php5
linux
Latest version of joomla

Unfortunately I had made a few alterations before it happened so I am not sure if any of them caused the problem

I had changed .htaccess, set SEF to yes etc

Also activated the following plugins

OpenID
Gmail login

The login screen comes up ok but thats it, I can't access the panel, also the website won't load

Re: Invalid Token on Login Screen

Posted: Sun Mar 23, 2008 1:48 am
by mcsmom
It may be that you don't have the environment needed for OpenID. Go into your database and unenable gmail and openid and see if you can then login.

Re: Invalid Token on Login Screen

Posted: Sun Mar 23, 2008 10:01 am
by tenaki
Hi I couldn' get in the admin panel at all. I tired for at least an hour then gave up. I have uninstalled it as there wasn't anything it could do that version 1.0 couldn't so I installed that instead..

I am sure the tech guys will get it sorted but should it really be stable?

Re: Invalid Token on Login Screen

Posted: Sun Mar 23, 2008 10:52 am
by mcsmom
It is extremely stable. Unfortunately, I think you did not read all of the requirements for using OpenID prior to enabling the plugin. That is why I suggested that you go to your database and change the statust to unenabled. Do yu know how to go to your database?

Re: Invalid Token on Login Screen

Posted: Sun Mar 23, 2008 11:56 am
by tenaki
Hi yes I do know how but I still couldn't get into the admin panel.

If something is stable that means all features work out of the box surely not some of them. If OpenID doesn't work unless special requirements are met then it shouldn't be included as a core part

Re: Invalid Token on Login Screen

Posted: Thu May 22, 2008 11:35 am
by radopod
I am having the same problem. It pops up mysteriously. Apparently it even shows up when I click 'submit' on the Signup page! Any help devs?

Re: Invalid Token on Login Screen

Posted: Sat May 24, 2008 1:15 am
by rlubensky
Yup same with me, first time I've seen this today. At least it has only taken me 2 minutes thx to this forum that i'm not facing this alone. But unfortunately, a site preview was planned for today.... All ideas welcome...

Re: Invalid Token on Login Screen

Posted: Sun May 25, 2008 1:03 am
by mcsmom
Are you using one of the core templates?

Re: Invalid Token on Login Screen

Posted: Wed Oct 01, 2008 8:45 pm
by Bloor7
Sorry for the bump, but I noticed this is still not fixed. I have been having this problem for weeks. I can't login on my public page, nor on my admin page. Whenever I try to, the pages only refreshes with no success and no error message or anything. When I try sometimes logging in on the public page, rarely I will get the "Invalid Token" screen. Most of the time nothing happens and the page only refreshes. Like its on some endless loop.... I need some help here :eek:

Re: Invalid Token on Login Screen

Posted: Wed Oct 01, 2008 11:08 pm
by mcsmom
This is probably not the same issue. Have you tried in a different browser?

Re: Invalid Token on Login Screen

Posted: Sat Oct 11, 2008 2:36 am
by cindymt
I am new to Joomla, installed, had it running smoothly a few weeks. Tonight, amongst other things, I activated some modules that had been there to see what they were/what they do, and I installed Firebug, and now I am getting invalid tokens repeatedly. Did so many things I don't know when it began, though it does seem to be related to when the login-times-out. That is the first time I noticed it, I think.

Joomla 1.5.7., Firefox 3.03

These instructions below that I am finding online do not seem to apply (the "offending" line of code is not found in the file, there is only one reference to "token" at the end of the file.)

<input type="hidden" name="<?php echo JUtility::getToken(); ?>" value="1" />

And change it to:

<input type="hidden" name="<?php echo JHTML::_( 'form.token' ); ?>" value="1" />

Re: Invalid Token on Login Screen

Posted: Fri Aug 21, 2009 3:33 am
by bitterblackale
I'm working with a site that get this error only in IE8 seemingly. As much as I would LOVE to just not support IE8, which shouldn't be called a web browser since it doesn't comply with w3c standards, I don't have that option.

My users are getting the invalid token when logging in immediately after registration. The main feature of the site is jom_social, but I don't think the login module has anything to do with it. Re-installing is not an option.