invalid token during logging in

Everything to do with Joomla! 1.5 templates and templating.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Locked
aolweny
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Mar 10, 2011 4:05 am

Re: invalid token during logging in

Post by aolweny » Mon Aug 29, 2011 10:07 am

danielbprobert wrote:this may not work for all but just spent days trying to resolve this and the best i can come up with is dirty hack that seems to resolve the problem or well it did for me..

open this file: components/com_user/controller.php - take a copy as a backup in case it causes any issues on your site

find this code:

Code: Select all

function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or jexit( 'Invalid Token' );
replace it with this:

Code: Select all

function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');
amend the yourdomainname to match your domain then save and upload.

i've been unable to get a invalid token since i made this change hopefully no adverse affects but it works.
Hi there, thanks for this, it has worked for me too, I no longer get the invalid token message

tomjack
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Tue Aug 30, 2011 8:52 am

Re: invalid token during logging in

Post by tomjack » Wed Aug 31, 2011 2:11 am

Check for request forgeries

me too..

User avatar
adizlaja
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Aug 31, 2011 5:19 pm
Location: Dallas, TX
Contact:

Re: invalid token during logging in

Post by adizlaja » Wed Aug 31, 2011 5:22 pm

Thank you so much for that solution! It did the trick for me. Someone should sticky this topic so others are aware of it. There are tons of topics on this issue, with 90% of them not having a solution.

Again... thanks for the little trick with the code. :)
Please read forum rules regarding signatures: http://forum.joomla.org/viewtopic.php?t=65

paladinpro
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Wed Sep 07, 2011 4:40 am

Re: invalid token during logging in

Post by paladinpro » Wed Sep 07, 2011 4:46 am

I have had this same problem for a while now and relised that double clicking the login button will produce the "Invalid Token" error.

BodgeIT
Joomla! Apprentice
Joomla! Apprentice
Posts: 15
Joined: Mon Aug 22, 2005 8:38 am

Re: invalid token during logging in

Post by BodgeIT » Thu Sep 08, 2011 6:15 am

I've been having this issue for some time but only when logging in to the backend.
My work around until a valid solution is found is simply to delete the index.php from the url leaving:
http://www.mysite.com/administrator/

Been working for me for a few months. Sorry if this has already been posted, I haven't had time to go through 6 pages of posts.

User avatar
Chacapamac
Joomla! Ace
Joomla! Ace
Posts: 1087
Joined: Wed Feb 20, 2008 6:50 am
Location: Canada, Montreal
Contact:

Re: invalid token during logging in

Post by Chacapamac » Fri Sep 09, 2011 4:52 pm

Same problem here
Can God help us?
Marketing, SEO, Web development - Powered by Joomla!
http://www.grafcomm.ca/

TheRandalovic
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun Jun 06, 2010 7:37 pm

Re: invalid token during logging in

Post by TheRandalovic » Fri Sep 09, 2011 10:22 pm

My backend issue started today. And the only thing I could think of is that Google Chrome released an update today. I could still log in using Internet Explorer.

This will probably not many others' problems, but if you are using Chrome, try clearing that cache and reloading your admin panel. Just worked for me a few moments ago.

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: invalid token during logging in

Post by davidosullivan » Thu Sep 15, 2011 3:35 pm

What totally baffles me is why after all this time Joomla has not been modified so that if the token is invalid it just goes back to the home page with an ERROR 'Invalid Security Token' rather than exiting to this awful blank screen with the words 'Invalid Token'?

I think we know roughly why this happens now (session time outs, caching etc), but if Joomla simply went to the home page with an error, users would try again and it would probably work. As it is the 'Invalid Token' exit and blank screen makes it look to the user like the whole site has crashed and does not work, so they leave, maybe never to return.

For some types of sites, this error makes it impossible to even consider using Joomla. Imagine if Facebook had this ridiculous way of dealing with invalid tokens? The web would be a very different place and Facebook would have never gotten off the ground.

I think its bonkers that this has not been fixed.

User avatar
Chacapamac
Joomla! Ace
Joomla! Ace
Posts: 1087
Joined: Wed Feb 20, 2008 6:50 am
Location: Canada, Montreal
Contact:

Re: invalid token during logging in

Post by Chacapamac » Thu Sep 15, 2011 4:42 pm

I’m completly in agreement with davidosullivan

Everything shoud be stop to work on that MAJOR problem...

A CMS whithout the ability to login is completly useless.

Stop few minute the dev of 1.7 and assure that your solid base of user is satisfied with the product.

I see this as a mounting trend for Joomla and component makers to direct all their efforts on the new platforme.

This is ok, until you keep the vast majority of user (Joomla 1.5) are not forgotten in the process.

The analogy here is:

Wen the new model of a car manufacturer come in the new year your discover that the car that you bought last year cannot be repair or primordial parts are no longer available.

You will probably never buy a car from that manufacturer for the rest of your life.

Please, don’t do this!

I like Joomla but if this platforme become unstable I will search elsewhere and look around you will see numerous old and new systems that I can choose from...

I’m not mad, just worry!
Can God help us?
Marketing, SEO, Web development - Powered by Joomla!
http://www.grafcomm.ca/

User avatar
alikon
Joomla! Champion
Joomla! Champion
Posts: 5941
Joined: Fri Aug 19, 2005 10:46 am
Location: Roma
Contact:

Re: invalid token during logging in

Post by alikon » Thu Sep 15, 2011 5:10 pm

@Chacapamac
your are not buying a "car" that new car is free

i want just remember that 1.6 and 1.7 are STS ie something like a concept car
despite 1.5 is a LTS something like a production car

the dev guys are working hard to fix as many issues they can and in the same time introduce
new features (the new ACL for example)

so don't worry but help discovering issues ...
8)
Nicola Galgano
i know that i don't know
www.alikonweb.it

User avatar
Chacapamac
Joomla! Ace
Joomla! Ace
Posts: 1087
Joined: Wed Feb 20, 2008 6:50 am
Location: Canada, Montreal
Contact:

Re: invalid token during logging in

Post by Chacapamac » Thu Sep 15, 2011 8:10 pm

You can be sure that I will try to help on this one

Just See that the problem creep up in 1.6, 1.7

See —> http://techjoomla.com/joomla-developmen ... a-16x.html
Can God help us?
Marketing, SEO, Web development - Powered by Joomla!
http://www.grafcomm.ca/

zarvan
Joomla! Apprentice
Joomla! Apprentice
Posts: 20
Joined: Mon Aug 29, 2011 12:55 pm

Re: invalid token during logging in

Post by zarvan » Fri Sep 16, 2011 7:55 am

Chacapamac wrote:You can be sure that I will try to help on this one

Just See that the problem creep up in 1.6, 1.7

See —> http://techjoomla.com/joomla-developmen ... a-16x.html
thanks man its vey usefull

smallpkgs
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Wed Dec 23, 2009 9:57 pm

Re: invalid token during logging in

Post by smallpkgs » Mon Sep 19, 2011 1:48 pm

Hi all

1. Brand new sites, using Joomla 1.7, plus JomSocial latest, etc.

2. Invalid Token errors.

3. Looked in vain for the file that has the "Invalid Token" redirect. It is NOT (no longer?) in components/com_user/controller.php, so in spite of success reported above I can't deploy this workaround, yet. Does anyone know where these lines are located now?

Code:
function login()
{
// Check for request forgeries
JRequest::checkToken() or jexit( 'Invalid Token' );

replace it with this:
Code:
function login()
{
// Check for request forgeries
JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');

I have lots of angry users clamoring for a return to J 1.5

I sure hope someone has an answer

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: invalid token during logging in

Post by davidosullivan » Wed Sep 21, 2011 2:29 pm

I will happily spend a couple of days working on a solution for what I believe is an absolutely crtitical flaw with Joomla. It simply needs to return to the previous page rather than exit and do so with an error message telling the user that their 'security token has expired, please try again'. Users absolutely hate this white screen, they just think they have broken the website. Most often this happens when users open their browser with the J! login page already open, since this is cached they get the error. You can explain they need to refresh etc but they don't understand it or like it because they don't have to do this on Facebook or other sites where logins work differently- and even if they do, they are not presented with a white screen with 'invalid token' on it!

It is a catastrophic usability nightmare, that really cannot be stressed strongly enough. All our other efforts and work are totally demolished by this error. You can have the most fancy sophisticated ACL in the world but what use is it if users are afraid to log in?

As I say I will happily spend some time fixing this IF someone from Joomla Dev will guarantee that the fix will be incorporated into the next release. I have been going on about this now for over a year. If someone would offer to do something Joomlas end, I'll be over the moon to try and do something our end. It just needs to be part of the core that if there is an invalid token it returns to the previous page with an error. Job done. It would be nice if the whole login could work differently so that things like 'keep me logged in' were available like they are just about everywhere else, but that can be done later. Just no white screen, return to previous page with error message, thats all we need. But we need the change to be permanent.

smallpkgs
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Wed Dec 23, 2009 9:57 pm

Re: invalid token during logging in

Post by smallpkgs » Thu Sep 22, 2011 6:46 pm

We have solved our problem -- we used the flawed J2XML importer/exporter tools for migrating an older site, and he data as imported was not normalized for the new DateTimeZone format, and so the Invalid Token white screen problem cascaded from that for some users -- BUT

david I must support and applaud your offer. it should not have been possible for the Invalid Token problem to present on a white screen, Flat-out, full stop no good. We suffered terribly form the bad experiences of a dozen Users who soured our splendid launch for untold dozens who were scared off by the few login probs by a few (loud) others. If your kind of solution were in play or at least available as a patch then this would have been FAR less serious for us.

I love Joomla beyond all time and space and appreciate the limitations and difficulties that Joomla dev face. But david is simply right: someone needs to understand that the entire CMS is useless if we scare off New Users, for something that can be easily remedied.

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: invalid token during logging in

Post by davidosullivan » Thu Sep 22, 2011 9:57 pm

Hey there all,

I have had a look into this in Joomla 1.7 and it looks like the new thinking is to call a 'jexit' function rather than just exit. This is quite a good idea as it means that we can just change that function and all the jexits are modified where as in J1.5 every component had its own exit command in it and so making changes was a real pain.

So that jexit function is in libraries/loader.php

Code: Select all

function jexit($message = 0)
{
    exit($message);
}
After some playing around I found that we can do this

Code: Select all

function jexit($message = 0)
{
	//We need to get rid of the awful 'invalid token' screen
	if ($message == JText::_('JINVALID_TOKEN'))
		{
		//find out where the user came from and send them back there with an error message
		JFactory::getApplication()->redirect(base64_decode($_POST['return']), JText::_('JINVALID_TOKEN_MSG'));
		}
    exit($message);
}
Its pretty self explanatory, it checks for the Invalid Token message (so that other exits still work) if it is there then it gets the application and redirects it to the submitted return value with a message. My message says 'Security Token Expired. Please try again.' and you add this to your language file in language/en-GB/en-GB-ini (for example). Look for 'JINVALID_TOKEN="Invalid Token"' and make it

Code: Select all

JINVALID_TOKEN="Invalid Token"
JINVALID_TOKEN_MSG="Security Token Expired. Please try again."
Be warned I am not sure of the security ramifications of doing this. The whole point of the token is to check for request forgeries (http://en.wikipedia.org/wiki/Cross-site_request_forgery) and this will redirect a forged request back to a page with a valid token on it. But then if it was the kind of exploit that could do anything with that information it would be able to do it by going to the login page in the first place...

Anyway, I'll be really interested to hear the reasons why J! cannot just handle invalid tokens on logins like this...

mhbetter
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Sun May 29, 2011 8:56 am

Re: invalid token during logging in

Post by mhbetter » Sat Sep 24, 2011 5:42 am

danielbprobert wrote:components/com_user/controller.php
Can someone please indicate what the correct file to modify is in Joomla 1.7? I checked the controller.php in the directory listed above, and there is no such code to modify!

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: invalid token during logging in

Post by davidosullivan » Sat Sep 24, 2011 11:10 pm

Hey mhbetter my solution above your post is what you are looking for ;)
Don't be put off by what I say about security as the previous solution for J1.5 would have caused the same issue- my version for J1.7 does the same thing basically, its just that J1.7 uses jexit instead of just the simple php exit (which is a bit like 'die'). jexit is a function, so what I modify here is the function, but only when the function exits with an 'Invalid Token' error- all other exits are unaffected.

User avatar
Chacapamac
Joomla! Ace
Joomla! Ace
Posts: 1087
Joined: Wed Feb 20, 2008 6:50 am
Location: Canada, Montreal
Contact:

Re: invalid token during logging in

Post by Chacapamac » Sun Sep 25, 2011 12:39 pm

thanks davidosullivan

Do you see a way that I can implement your change in 1.5?
Can God help us?
Marketing, SEO, Web development - Powered by Joomla!
http://www.grafcomm.ca/

romaba
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Wed Aug 04, 2010 6:22 am

Re: invalid token during logging in

Post by romaba » Fri Oct 14, 2011 10:05 pm

I deleted the cookies for the site and restarted my browsers(Firefox & Chrome) and that resolved the problem for me on both browsers. Before I deleted the cookies, I was receiving "Invalid Token" on both browsers.

User avatar
ethan6
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue May 19, 2009 8:10 am

Re: invalid token during logging in

Post by ethan6 » Tue Nov 08, 2011 5:50 am

I experienced this problem last year, and I decided to turn off "System - Cache" plugin. It worked like magic; the error went away. However, I noticed that my website www.mybln.com started to load 1.99 second later than before. It was a astronomical trade off to get rid of that error "Invalid Token".

I decided that I would solve it. I searched and tried most solutions posted on multiple websites, including joomla.org, some solutions work for others, while those solutions did not work for me.

I wanted to get the 1.99 second that I lost. I went back to "System - Cache" and under Plugin Parameters, I select NO for browser caching. Cache Lifetime: 10 minutes.

It worked. I reduced my page load speed, and the error was gone as well. I am not an expert. This error have a lot to do caching.

This may work for some of you, and it may not. It's is another solution.

Marc

Golum
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sun Nov 13, 2011 2:10 pm

Re: invalid token during logging in

Post by Golum » Sun Nov 13, 2011 2:19 pm

Mi solucion estaba en el plugin cache. desabilitarlo cuando no no se utilice el cache del sistema..
Google Translation:
My solution was in the plugin cache. disable it when not using the system cache ..

wendyp
Joomla! Apprentice
Joomla! Apprentice
Posts: 15
Joined: Wed May 20, 2009 5:44 am

Re: invalid token during logging in

Post by wendyp » Tue Nov 15, 2011 1:34 am

I had the problem using J 1.5.23 and registered users logging in to our online store (Virtuemart 1.1.4)
I discovered that users using the url 'mydomain.com' always got the Invalid Token message while users logging in from 'www.mydomain.com' did not.

I made sure the 'Live Site' on my configuration.php file was "http://www.mydomain.com" and that within VM-->Configuration-->Security, that the Site URL and Secure URL were both "http://www.mydomain.com/". I then added a 301 re-write to the .htaccess file - directly following the RewriteEngine On line:

RewriteCond %{HTTP_HOST} ^mydomain.com [NC]
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [L,R=301]

Problem resolved, doesn't matter if user now doesn't type in the www. They are auto redirected to www where the login will work correctly.
I think this would work whether or not you're using VM.

polpaulin
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 158
Joined: Wed Dec 22, 2010 12:00 pm

Re: invalid token during logging in

Post by polpaulin » Wed Nov 23, 2011 9:19 pm

replace Request::checkToken('request') or jexit( 'Invalid Token' );

it works

many thanks

polpaulin
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 158
Joined: Wed Dec 22, 2010 12:00 pm

Re: invalid token during logging in

Post by polpaulin » Thu Nov 24, 2011 7:15 am

instead of JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');

how can you get the $live_site from configuration.php ?

thank you

wendyp
Joomla! Apprentice
Joomla! Apprentice
Posts: 15
Joined: Wed May 20, 2009 5:44 am

Re: invalid token during logging in

Post by wendyp » Mon Nov 28, 2011 4:22 am

You need to edit the 'configuration.php' file which is in the root directory of the website. I found it necessary to firstly change the permission of the php file in order to save the changes. I did via ftp using Filezilla - you can change permissions of a file - with file selected - right click of the mouse brings up the required menu option. Then I opened the file, updated the 'live site' setting (on my file it was empty ie ' ' and I typed in the domain url into the space.) Then saved the file, then reverted the file permission to it's original setting. Done.

McParadigm
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Fri Nov 18, 2011 12:54 am

Re: invalid token during logging in

Post by McParadigm » Sat Dec 31, 2011 8:36 pm

My problem is very clearly browser cache related.

When someone logs in, closes the browser or leaves the site without logging off, and then returns to it, they get the "invalid token" bit when they try to log in. Every now and again a weirdo textbox pops up instead (?!?!?!?) but whatev.

The point is, hitting refresh on the browser before logging back in works, but that's not a great way to run your site.

My site is for a large school district, with the average uninterrupted session running 60 minutes and 2-4 students accessing the site on each computer over the course of a school day.

Bandwidth is a huge concern for these people. I used to have the browser cache set to 10 minutes, so that as students navigate around the image-heavy pages they don't run into lag or other issues. Now, I've had to cut it down to 2 minutes to avoid most of the "invalid token" events....working with 11 year olds, anything that can go wrong will.

Is there any way to preserve my ability to use browser cache without running into the invalid token issue? I tried the "JRequest::checkToken() or header('Location:..." approach, and it didn't help (I don't know if it's because I'm using a redirection login so that different user groups get sent to different places, or what, but I found three different files with the checkToken "Invalid Token" message!)....I'm sure my problem is the cache settings.

eMOTIVe
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sun Feb 05, 2012 5:19 pm

Re: invalid token during logging in

Post by eMOTIVe » Sun Feb 05, 2012 6:56 pm

It's absolutely insane that this issue is so widespread and no real solution.

I'm new to joomla but have been building php based web sites for 10 years.

I start fooling with joomla and start getting the hang of things and am liking. Last night I walk away from my recent site build using joomla. This morning I can't log in as a user. Just admin.

INSANITY!!!! Two hours of my day so far and no fix.

otreva
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Feb 14, 2012 4:34 pm
Contact:

Re: invalid token during logging in

Post by otreva » Tue Feb 14, 2012 4:37 pm

For me disabling the Google Authentication plugin fixed this problem.

tappy52dog
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 115
Joined: Sat Dec 17, 2011 7:45 pm

Re: invalid token during logging in

Post by tappy52dog » Mon Feb 20, 2012 7:14 am

Davidosullivan, does that fix still work for you? Does this fix you mention cause a security issue or anything else bad?


Locked

Return to “Templates for Joomla! 1.5”