The Joomla! Forum ™

EDIT: Not fixed, still have the same issue. Sigh.
EDIT: Fixed I think - see bot of this post.


******
This error, is WITHOUT DOUBT, one of the most horric, frustrating errors I have EVER HAD.

Sorry for the caps - but christ. I have tried everything - all cache is turned off. Nothing works, I just randomly keep getting this error.
I'm using J1.523 with VM 1.18 using the VM login module.

JRequest::checkToken() or header('Location: http://www.mydoman.com/'); does not work.

Please someone from the dev team, someone help me out here. I'm spending so much money (hours - working for free, because I built the site and its not working) on this. What can I do?
****

Ok, I think I have found a fix for this - if you are using the VM login module anyway.

Add this to the VM file below.



File which is: modules/mod_virtuemart_login.xml]


Ok that did not work. This is a joke, seriously.

I tried this:



And I still get the error.

Hi,
my experience with "Invalid Token" is:
I have this message if one new user try to register after installed phpstats on the website.
I removed the phpstats php code at bottom of index.html and the registration works fine again.

I hope this can help someone

Bye

I have noticed that the invalid token is activated if a user either double clicks on the login button (they shouldn't but many user don't know that they are not supposed to double click a button) OR if for some reason they have browsed away and using the browser back button to get back to the log in page and tries to log in again.
This happens in Chrome but not in Firefox.
None of the solutions re cache etc works for this problem.

any suggestions?

You are correct Michael, this happens to my users as well. I have had to turn off all system cache'ing options; thus my site is now a lot slower. Its either a slow site, or this awful bug, which has not been fixed. With cache'ing turned off, I do not get any issues.

I have turned off both the system and the template cache, but the invalid token still persists if a user double clicks the login.
I think this is a major problem for the useability experience and can kill a site.
Any other suggestions??

What J version you running Michael, and what login module you using - I'm using the VM login module; specifically the mod_virtuemart_login module. I'm using J 1.5.25 / VM 1.1.8.
I make sure I have the system cache (from the plugin page) turned off, then Global > System Cache turned off as well, and then various parts of my template are not cached.

This is an annoying problem, for sure - basically its ruining my site; customers are just not purchasing goods because the site is slow, but enabling cache causes errors. The client is not happy, I have said later version of Joomla have (supposedly) fixed this issue, and she should upgrade, but she does not want to pay out for the upgrade.

On another note - make sure you have Admin Tools installed, got some good features like clearing out cache etc.. Might make a difference.

What I normally do, is create a backup site - using a sub-domain name, the use Akeaba backup to back my live site, reinstall this on my sub-domain, then implement various plugins, and test things. I assume you have this setup already, so you could try using a different login module, or remove all other non-essential plugins/modules and test.

Think I have solved my problem with this error.

Here is a list of things to check/try.

Check tmp directory has 755 permissions – was 705 – some improvement but still there
o System Cache plugin – turned off use browser caching – immediate testing suggests this might be the fix
o Global Config – Session Handler to None – already in place
o Deleting and recreating login modules
o Resolving mixed URLs with
¿ setting Live Site to www. and reversing Server alias on Control Panel, and then going via phpMyAdmin to jos_menu table to correct old links, or
¿ Add to htaccess
AuthName MYSITE.com
RewriteCond %{HTTP_HOST} ^MYSITE.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.MYSITE.com$
RewriteRule ^/?$ http://www.MYSITE.com [R=301,L]
o Ensure that global and component configs have identical site URLs (ie with or without www.)


However, this hack seems to have fixed the issue for me. It removes the invalid token check;
open: components/com_user/controller.php

look for:


replace with



This was copied from another post. I have logged in, pressed back, logged out - (after enabling Cache settings in global config - which is what caused my Invalid Token issues), logged in multiple times and not got the error.
Hope this helps.

i had the problems with Invalid Token i solved it by turning off the system cache

_________________
A Joomla games website http://www.jeuxgratuitflash.com
http://www.jeuxgratuitflash.com/les-jeux-en-3d.html

You are right, even though I applied the above hack and tested the site 20 times - added over 100 + products, created new users, pressed back button - after two weeks the invalid token error was still there. Even with the above hack that removed the actual code, it was still there. This is an awful, awful bug. Going to have to upgrade to 2.5 I think. I cannot have system cache turned off, my site is just too slow.

Moving to Joomla 2.5 will not solve the problem, I had just posted this...
viewtopic.php?f=616&t=721241

As explained there I think it is related to the way the URL looks to forms, maybe someone can help us a bit more...

Ugh, just ugh. Well, thanks for letting me know. I was planning to see the release notes to see if they have, finally, figured out exactly what is causes this serious bug. Please keep this post updated with your results.

Hi: I think I got a function that could solve this, you can see moe details on the URL of my last post...

viewtopic.php?f=624&t=721241&p=2823881#p2823881

Hope it helps, greetings from Argentina...

Sad to say, I now have it. Did not change a thing, edited an article and moved another to a different category. Logged out. Now, Invalid Token message blocks getting in to a 1.5.26 site.
Is there no fix for this madness or a way to at least clear it from cpanel so the site can be logged into?
With this long litany of problems with the feature, it seems like the present cure may be as bad as the original problem it was intended to fix.
I've cleared cookies, session variables, turned off left off etc and still am blocked for the admin login.
Any advice for some solution is welcome otherwise it looks like a day or two of trying various attempts to find one of the proposed code fixes that may solve the problem or not, even temporarily.
Joomla Team, this one should get escalated based on the sheer number of posts here.

Hi guys, the original "forgeries" invalid token fix mentioned by another here also fixed my issue. Actually I added it to other controller files in another component such as in my Adsmanager installation and the errors went away there too!

Go to Plugins -> System - Cache. If it is enabled just select No for browser caching under Parameters. The problem is gone (Joomla 1.5).

Thank you, Marc!

I had 'invalid token' when I had 2 databases mixed.

So, my database contained 2 databases with different prefix.
1 database was from Joomla 1.5
and the other one from Joomla 1.7.

And somehow in my configurationfile was the wrong prefix.
I made an error somewhere in the upgradingprocess and mixed up configurationfiles, databases and prefixes.

Check if you also mixed things like that up.

_________________
Once I start asking questions, I usually find the answers myself.

have you looked at this thread already? viewtopic.php?f=199&t=251273

Now it´s working for me!!!! It was the .htaccsess file!!!

My Web hosting company fixed it!

I had 2 problems:

1. Invalid Token

2. Very slow update in browser when change were made in back end.

I contacted The host about the update issue.
When I made a change in back-end it took like 3-5 minutes before I could see the change.

Token issue, I have tried everything without any improvement.
I could not even log-out, the button was disabled.


My host (Surftown) told me that their server Litespeed had an built-in cache function that could be de-activated by applying these rows of code in the .htaccess file in the domain folder.

RewriteEngine On
RewriteRule (.*) - [E=Cache-Control:no-cache]


My update issue disappeared, but also my invalid token problem too!!!