Invalid Token on Login Screen

This forum is for reporting bugs in Joomla!. Please don't report problems with extensions in here.
Spellscape
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Sun Jan 03, 2010 9:54 pm

Re: Invalid Token on Login Screen

Post by Spellscape » Fri Jan 15, 2010 9:46 pm

My site also suffers from the Invalid Token - I think it started after Vmart 1.1.4
On admin login and on default poll mod

vrjim
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Oct 14, 2009 2:32 pm

Re: Invalid Token on Login Screen

Post by vrjim » Sat Jan 16, 2010 3:49 am

I had this issue but it was because I was using JomSocial. Sometimes it was caused by the server proxy and other times by JomSocial itself. To fix it I edited the Joomla user file where the Invalid Token error exists to instead redirect to a URL rather than showing the error. I made that URL the account page since even though it gave Invalid Token the user was logged in. You can also get this intermittently with JomSocial if you don't assign the JomSocial frontpage component as "public" somewhere on your menu.

bitterblackale
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Aug 21, 2009 3:22 am

Re: Invalid Token on Login Screen

Post by bitterblackale » Mon Jan 18, 2010 3:54 pm

We found a solution: If a user loads the page with the login form or registration form, then let's it sit there for several minutes (or take too long to fill-in the form), the randomly generated token used for authentication expires. Tokens are set to expire after 180 seconds - a more reasonable time limit might be 1800 seconds (half-hour) especially for registration forms - particularly if you have installed a customised user reg process, e.g. Jom_social.

The time limit is established in the file:
/components/com_community/models/register.php
search for "INTERVAL 180 SECOND" and replace with 1800

$query .= " WHERE `created` >= DATE_SUB('".$curDateMysql."', INTERVAL 1800 SECOND)";

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: Invalid Token on Login Screen

Post by davidosullivan » Thu Feb 04, 2010 10:48 am

@vjrm

any chance you could give us a bit more guidence/modify your post regards this issue.

Just wondering if you could tell me which files you changed here?

You said "To fix it I edited the Joomla user file where the Invalid Token error exists to instead redirect to a URL rather than showing the error. I made that URL the account page since even though it gave Invalid Token"

I have searched my entire site for 'Invalid Token' and cannot find it anywhere!

@bitterblackale I cannot find the file you are talking about either...

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: Invalid Token on Login Screen

Post by davidosullivan » Thu Mar 11, 2010 4:37 pm

In the end what I did to resolve this as a temporary fix was to make a bit of javascript that pulled the token from the yoologin module and passed it to thge registration form that was also being displayed in a module.

Its still not 100% though and I have just got another 'Invalid Token'

I think this one happenned because I had left the page open for a while without loggin in.

However they KEY thing here is to have Joomla do something more user friendly than just show a blank white page with Invalid Token on it as this totally destrys the suer experience.

Why can't Joomla send the person back to the page they were on with an error message just like what happens when you enter the wrong password, with a message saying 'Invalid Token. Please try logging in again'

User avatar
mcsmom
Joomla! Exemplar
Joomla! Exemplar
Posts: 7897
Joined: Thu Aug 18, 2005 8:43 pm
Location: New York
Contact:

Re: Invalid Token on Login Screen

Post by mcsmom » Wed Mar 17, 2010 9:53 am

You don't want to make it not check the tokens since they are there for security reasons. The token checks prevent one kind of attack that can implemented by submitting malicious code via a form.

I didn't realize you were not using the core login. Have you asked the developers for help?
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: Invalid Token on Login Screen

Post by davidosullivan » Wed Mar 17, 2010 12:55 pm

Hi yeah, I have spoken to both developers for help but of course all of the developers blame each other/me for their stuff not working and so don't think its their problem

i.e. we are using Mighty Extensions to manage users, we are using Yootheme to show the login box and we are using an extension that puts a component in a module to show the registration form on the same page.

Unfortunalety this cannot really work any differently. What we need is for Joomla itself to have a registration Module but it doesn't.

So what happens is that the login form gets the right token. Then the registration form creates another one that is wrong. So I use javascript to replace the token the registration form creates with the one the login form creates and this generally works.

So I think it is still checking tokens. What I'd really, really, really like is that if the tokens are wrong that you do not simply get sent to that awful useless customer relations destroying 'Invalid Token' page. I want you sent back to the previous page with 'Invalid Token' as an error. Why can't this happen? Why doesn't this happen anyway?

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: Invalid Token on Login Screen

Post by davidosullivan » Sat Mar 20, 2010 2:18 pm

Cmon people, all over the web there is this invalid token issue. I know its irregular and I know there are alot of factors involved in the causes.

I appreciate that it is a good security feature but why can't Joomla simply redirect to the previous page with 'Invalid Token' as the error, like it does you have a session expired error? This would take this issue from absolutely totally critical to relatively minor.

Currently the 'Invalid Token' screen makes it look like the site is not working AT ALL and the chances of a user trying again by clicking the back button are to my mind very slim. If the Invalid Token error simply returned you to the previous page with a message 'Invalid Token: Please try logging in again' users would probably do it.

Why is it that it doesn't work this way and please can someone who knows abit more about the Joomla core let me know how I can make it work this way if there is no downside to doing so?

User avatar
mcsmom
Joomla! Exemplar
Joomla! Exemplar
Posts: 7897
Joined: Thu Aug 18, 2005 8:43 pm
Location: New York
Contact:

Re: Invalid Token on Login Screen

Post by mcsmom » Sun Mar 21, 2010 12:53 am

Tthe thing is, in this case it's not Joomla! that's doing it, it is the extension you are using. Without seeing the code for that extension it's not possible to know how it is handling the problem.
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: Invalid Token on Login Screen

Post by davidosullivan » Mon Mar 22, 2010 7:38 pm

Hi there,

Yeah I am hoping the maker of the extension will be able to do something to fix it.

However in the mean time it would make the world of difference if Joomla did not send people to the blank 'invalid token' screen ever. If it could instead redirect to the previous page with an error that would be SOOO much better.

D

User avatar
mcsmom
Joomla! Exemplar
Joomla! Exemplar
Posts: 7897
Joined: Thu Aug 18, 2005 8:43 pm
Location: New York
Contact:

Re: Invalid Token on Login Screen

Post by mcsmom » Tue Mar 23, 2010 12:55 pm

Joomla! does not do that. I get invalid token messages all the time and don't get blank screens. j
The developer needs to fix the behavior on finding invalid token.
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: Invalid Token on Login Screen

Post by davidosullivan » Sun Apr 04, 2010 12:21 pm

Well I'll have a look at the code then but from what I have seen invalid token always seems to be followed by exit() wherever you look in the joomla code...

If you could point me to an example of where it doesn't I can easily copy and paste what it does do into the relevant place in the login and register modules I am using...

Fabbritzio
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Sun Jan 07, 2007 1:48 pm

Re: Invalid Token on Login Screen

Post by Fabbritzio » Tue Jul 27, 2010 5:36 pm

I understand this is a common problem, but there is no fix for this? I'm not using any special mods or plug-ins and i get quite often this error.

ktjonsson
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Feb 11, 2009 11:41 am

Re: Invalid Token on Login Screen

Post by ktjonsson » Fri Feb 18, 2011 6:35 am

Hello

I get "Invalid Token" when trying to login to admin in Firefox 3.6.13, try again later and it works.

Another one frequently occuring is I have to login multiple times, I only get in on second
attempt although username/password was correct.

Using Joomla 1.5.22 with PHP 5.2.14.

Cheers Ken

ktjonsson
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Feb 11, 2009 11:41 am

Re: Invalid Token on Login Screen

Post by ktjonsson » Fri Feb 18, 2011 8:06 am

I tried to clear browser history and login to front end of site:

1. First login fails, no message output
2. Second login gives "Invalid Token"
3. Third login gets me into the web site
4. If I clear browser history it all starts from (1) again

This is using Joomla 1.5.22 and PHP 5.2.14 running on a shared server with LiteSpeed.
Firefox 3.6.13. Site is offline at the moment so only admins can login.

We also get thrown out of back end frequently, and have to login again (even though we clearly
have been active within the last 15 mins...).

Any ideas?

Cheers Ken

nicmehr
I've been banned!
Posts: 36
Joined: Fri Feb 04, 2011 12:19 pm

Re: Invalid Token on Login Screen

Post by nicmehr » Fri Feb 18, 2011 8:21 am

what is your server`s OS ? linux or windows?
if it is windows , i think its from your php setting
you can run it in your localhost and test it

ktjonsson
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Feb 11, 2009 11:41 am

Re: Invalid Token on Login Screen

Post by ktjonsson » Fri Feb 18, 2011 8:33 am

Thanks for reply.

Server is running Linux (Ubuntu).

Cheers Ken

fidoboy
Joomla! Intern
Joomla! Intern
Posts: 57
Joined: Tue Feb 19, 2008 6:47 pm

Re: Invalid Token on Login Screen

Post by fidoboy » Fri Mar 18, 2011 1:21 am

I agree with davidosullivan, it could be very useful to have a plugin or fix to avoid that nasty 'INVALID TOKEN' white page. There is not any way to fix this easily?? Going back to previous screen and showing a message with more information for the user could be great; something like: please empty your browser cache and/or delete cookies and try again. Also may be that making a simple javascript that deletes all site session cookies could be amazing...

In my experience, this issue happens 90% of times when using Firefox, cause using Chrome or Safari it doesn't seems to happen anymore...

What you think? :pop

User avatar
craiggf
Joomla! Intern
Joomla! Intern
Posts: 68
Joined: Sun Dec 09, 2007 3:30 pm

Re: Invalid Token on Login Screen

Post by craiggf » Sat Mar 19, 2011 4:53 pm

Have had several LOGOUT problems with invalid token error.

Fixed it (for joomla 1.6.1) by adding the following code to the proper place in my templates mod_login directory file default.php

The code block is below to make it easier to find, the only change/addition is the last line (which I bolded and italicized).

<input type="hidden" name="option" value="com_users" />
<input type="hidden" name="task" value="user.logout" />
<input type="hidden" name="return" value="<?php echo $return; ?>" />
<?php echo JHtml::_('form.token'); ?>

It my/our case is was the login procedure that was not getting the (1.6.1 added the token) token info.

danielbprobert
Joomla! Apprentice
Joomla! Apprentice
Posts: 20
Joined: Fri May 13, 2011 5:32 pm

Re: Invalid Token on Login Screen

Post by danielbprobert » Fri May 13, 2011 5:46 pm

spend ages trying to resolve this try this i posted in another forum:

http://forum.joomla.org/viewtopic.php?p ... 1#p2500641
We will rule over all this land, and we will call it... 'This Land'.

fidoboy
Joomla! Intern
Joomla! Intern
Posts: 57
Joined: Tue Feb 19, 2008 6:47 pm

Re: Invalid Token on Login Screen

Post by fidoboy » Fri May 13, 2011 9:41 pm

danielbprobert wrote:spend ages trying to resolve this try this i posted in another forum:

http://forum.joomla.org/viewtopic.php?p ... 1#p2500641
You can make your hack even better if you use $mainframe->redirect('index.php','Alert message','alert'); and substitute 'Alert message' with your favourite message requesting the user to empty the browser cache or deleting domain cookies...

regards,

danielbprobert
Joomla! Apprentice
Joomla! Apprentice
Posts: 20
Joined: Fri May 13, 2011 5:32 pm

Re: Invalid Token on Login Screen

Post by danielbprobert » Sat May 14, 2011 5:29 am

true but i don't want my clients to even know there was an error doing it that way tells people there was problem...

although that does work just as well
We will rule over all this land, and we will call it... 'This Land'.

User avatar
adizlaja
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Aug 31, 2011 5:19 pm
Location: Dallas, TX
Contact:

Re: Invalid Token on Login Screen

Post by adizlaja » Wed Aug 31, 2011 5:32 pm

I got this from another thread here... it worked for a lot of people:

Open this file: components/com_user/controller.php - take a copy as a backup in case it causes any issues on your site.

Find this code:

Code: Select all

function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or jexit( 'Invalid Token' );
Replace it with this:

Code: Select all

function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');
Obviously, change yourdominaname with your actual domain.
Please read forum rules regarding signatures: http://forum.joomla.org/viewtopic.php?t=65

mhbetter
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Sun May 29, 2011 8:56 am

Re: Invalid Token on Login Screen

Post by mhbetter » Sat Sep 24, 2011 5:43 am

adizlaja wrote:I got this from another thread here... it worked for a lot of people:

Open this file: components/com_user/controller.php - take a copy as a backup in case it causes any issues on your site.

Find this code:

Code: Select all

function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or jexit( 'Invalid Token' );
Replace it with this:

Code: Select all

function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');
Obviously, change yourdominaname with your actual domain.

Can someone please indicate what the correct file to modify is in Joomla 1.7? I checked the controller.php in the directory listed above, and there is no such code to modify!

Thanks!

User avatar
rickenbacker
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Wed Jan 16, 2008 12:52 am

Re: Invalid Token on Login Screen

Post by rickenbacker » Wed Oct 05, 2011 5:20 am

For me this only ever happens if I enter the username and password and then hit the 'enter' key, if I click the 'login' button then it's fine.

davidosullivan
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Dec 02, 2006 4:54 pm

Re: Invalid Token on Login Screen

Post by davidosullivan » Wed Oct 05, 2011 10:19 am

This topic is more advanced in this thread (with Joomla 1.7 solution)

http://forum.joomla.org/viewtopic.php?f ... &start=150

katrotz
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sun Sep 19, 2010 2:51 pm

Re: Invalid Token on Login Screen

Post by katrotz » Sun Dec 11, 2011 4:37 pm

Had problems with login module and user component:
- invalid token
- sometime no change was reflecting when trying to login
- no redirect etc.
Finally figured out that the user component was acting funny because of the .htaccess configuration.
Solution was to remove the "action" parameter of the forms.

otreva
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Feb 14, 2012 4:34 pm
Contact:

Re: Invalid Token on Login Screen

Post by otreva » Tue Feb 14, 2012 4:40 pm

For me disabling the Google Authentication plugin fixed this problem.

irandream
Joomla! Intern
Joomla! Intern
Posts: 52
Joined: Fri Mar 25, 2011 7:06 pm
Contact:

Re: Invalid Token on Login Screen

Post by irandream » Mon Apr 30, 2012 5:26 pm

it is a known problem with a known solution.


http://forum.joomla.org/index.php/topic,251273.0.html


Locked

Return to “Joomla! 1.5 Bug Reporting”