Beta 2, frontend login error: security token did not match

Be informed that this forum is not an official support forum for Joomla! 4.0. Any issues regarding Joomla! 4.0 must be reported at https://issues.joomla.org/.

Joomla 4.0 is still in Beta stage. This forum should be used for sharing information about Joomla! 4.0.

Moderator: ooffick

Forum rules
Post Reply
andoo
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Jun 03, 2020 9:08 pm

Beta 2, frontend login error: security token did not match

Post by andoo » Wed Jul 01, 2020 9:36 am

Started a project on Joomla and gone straight with 4.0 beta 1. Trying to log-in on the frontend worked sometimes, sometimes didn't and I got the error: The security token did not match. The request was aborted to prevent any security breach. Please try again.

Since the update to beta 2 I can't log in at all. Everytime I try I get:

Warning
Your session has expired. Please log in again.
The security token did not match. The request was aborted to prevent any security breach. Please try again.


Tried to change session hadler from APC User Cache, Database and Filesystem and still nothing.

I'm not that familiar with Joomla but searching the forums I found that kind of issue dating back to the beginnings of it. Thank you for any help. I'm puzzled.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 12793
Joined: Thu Feb 15, 2007 5:48 am
Location: Zagreb, Croatia

Re: Beta 2, frontend login error: security token did not match

Post by toivo » Wed Jul 01, 2020 9:53 am

Welcome to the forum!

The issue you reported is definitely not common, based on experiences in daily testing of different versions of Joomla 4 from Alpha to the current Beta 2 in the last couple of months.

Suggest that you clear the cache and cookies from the back end of your test and development site. Clear the temporary web files from your browser, too. Use the latest version of a different browser.
Toivo Talikka, Global Moderator

User avatar
ceford
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 109
Joined: Mon Feb 24, 2014 10:38 pm
Location: Edinburgh, Scotland
Contact:

Re: Beta 2, frontend login error: security token did not match

Post by ceford » Wed Jul 01, 2020 10:02 am

Reload the Login page and try again. It is not obvious but the login form contains a token that will expire if your session expires. Leave the session Handler set to Database unless you have some very good reason to change it.

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4173
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: Beta 2, frontend login error: security token did not match

Post by gws » Wed Jul 01, 2020 10:56 am

Well quite strangely I get the same message when I log out of J4 beta1. Otherwise all is working fine.
@ceford you state "Leave the session Handler set to Database unless you have some very good reason to change it." I am under the impression that changing this is better? Have you read something that I have missed?

andoo
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Jun 03, 2020 9:08 pm

Re: Beta 2, frontend login error: security token did not match

Post by andoo » Wed Jul 01, 2020 11:08 am

toivo wrote:
Wed Jul 01, 2020 9:53 am
Welcome to the forum!

The issue you reported is definitely not common, based on experiences in daily testing of different versions of Joomla 4 from Alpha to the current Beta 2 in the last couple of months.

Suggest that you clear the cache and cookies from the back end of your test and development site. Clear the temporary web files from your browser, too. Use the latest version of a different browser.
Just made a reply that lost what I have written. I guess I have another problem with phpBB besides Joomla :-\ Tried with another browser and the problem wasn't present there. I guess the problem had to do with my default browser. Maybe disabling browser cache for dev purposes.

andoo
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Jun 03, 2020 9:08 pm

Re: Beta 2, frontend login error: security token did not match

Post by andoo » Wed Jul 01, 2020 11:15 am

ceford wrote:
Wed Jul 01, 2020 10:02 am
Reload the Login page and try again. It is not obvious but the login form contains a token that will expire if your session expires. Leave the session Handler set to Database unless you have some very good reason to change it.
Tried a dozen of reloads. After Toivoi reply narrowed down the issue to my default browser. Maybe disabling browser caching from Developer Tools had something to do with that.

Just sorted out Cassiopeia menu dropdowns exactly how I wanted and I was in the "nothing can stop me now" modd, and didn't thought to check that too. :o

User avatar
ceford
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 109
Joined: Mon Feb 24, 2014 10:38 pm
Location: Edinburgh, Scotland
Contact:

Re: Beta 2, frontend login error: security token did not match

Post by ceford » Wed Jul 01, 2020 11:20 am

gws wrote:
Wed Jul 01, 2020 10:56 am
Well quite strangely I get the same message when I log out of J4 beta1. Otherwise all is working fine.
@ceford you state "Leave the session Handler set to Database unless you have some very good reason to change it." I am under the impression that changing this is better? Have you read something that I have missed?
No - just that a newcomer does not really need to change defaults to get started. Having said that, I see the default is File System so I must have changed it myself. And I don't remember why!

deleted user

Re: Beta 2, frontend login error: security token did not match

Post by deleted user » Thu Jul 02, 2020 2:22 pm

ceford wrote:
Wed Jul 01, 2020 10:02 am
Leave the session Handler set to Database unless you have some very good reason to change it.
Just for the record, the database session handler is the default handler mainly because it's the one that's guaranteed to work out of the box 100% of the time every time, as it's the only one Joomla can fully configure and control on its own.

The filesystem handler, which generally I recommend as it will be slightly more performant than using the database, requires PHP to be configured properly otherwise it will crash and Joomla will be totally unusable. To use it, PHP has to have a filesystem path configured for use and it have the appropriate permissions as PHP will need to be able to read files from it, write files to it, and if session garbage collection is enabled to delete files from it. Joomla 4 does add a config parameter to let you define your own filesystem path and not rely on the PHP session.save_path INI configuration, as well as having a fallback to the system temporary directory (as defined by the sys_get_temp_dir() PHP function) if neither of those paths are configured, so the CMS does try a bit harder to make the filesystem handler work but if the permissions are wrong then it's game over.

The other session handlers (APCu, Memcached, Redis, and WinCache) all rely on optional PHP extensions so couldn't even be considered as defaults if anyone wanted to. Personally, I wouldn't use APCu or WinCache as a session store but the option is there (IMO those aren't any better than the "plain" filesystem option), and the Memcached and Redis handlers I feel are overkill if you're deploying Joomla in the typical shared hosting environment (where those types of handlers succeed are if you're deploying in a load balanced environment where multiple servers are involved and you need the session data for the application to be available across all servers, I don't have any Joomla sites like this but I do have a Symfony application where we have 5 or 6 active web servers on a slow day that are behind a load balancer so a user's session needs to be available regardless of which server is chosen to handle a particular request).

All that to say, the database handler isn't necessarily the best option, but it is the most platform portable and the most sane default Joomla can provide.

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4173
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: Beta 2, frontend login error: security token did not match

Post by gws » Thu Jul 02, 2020 3:37 pm

@mbabker Thanks, that's the best explanation I have seen.

User avatar
ceford
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 109
Joined: Mon Feb 24, 2014 10:38 pm
Location: Edinburgh, Scotland
Contact:

Re: Beta 2, frontend login error: security token did not match

Post by ceford » Thu Jul 02, 2020 5:09 pm

Currently, in Beta-3 Dev, the Session Handler only offers Database and Filesystem. I have abridged mbabker's excellent explanation and included it in the Help screen for the Global Configuration page. This is what it says:
Session Handler: (File System/Database). The mechanism by which Joomla! identifies a User once they are connected to the website using non-persistent cookies.

The database session handler is the default handler because it is the only one that Joomla can fully configure and control on its own.
The filesystem handler will be slightly more performant than the database handler, but it requires PHP to be configured properly otherwise it will crash and Joomla will be totally unusable. To use it, select Filesystem and then enter a full filesystem path in the Session Save Path field that appears. Ensure the path has appropriate permissions for PHP to read and write files, and if session garbage collection is enabled to delete files from it. If this path is not set, Joomla will rely on the PHP session.save_path INI configuration or fallback to the system temporary directory (as defined by the sys_get_temp_dir() PHP function). If neither of those paths are configured or the permissions are wrong then it's game over. To recover, edit the configuration.php file and set $session_handler = 'database'.
The layout is better in the Help Screen and it will be a day or so before it becomes current.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9739
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Beta 2, frontend login error: security token did not match

Post by sozzled » Thu Jul 02, 2020 5:48 pm

@mbabker: as always, thank you. +1
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

deleted user

Re: Beta 2, frontend login error: security token did not match

Post by deleted user » Fri Jul 03, 2020 12:29 am

ceford wrote:
Thu Jul 02, 2020 5:09 pm
Currently, in Beta-3 Dev, the Session Handler only offers Database and Filesystem.
Because that is all your system supports. The cache handler, session handler, and database driver fields in the global config are environment aware and only show compatible options. Don't have ext/pdo installed and enabled in PHP? You won't see the PDO database drivers. Don't have ext/redis installed and enabled in PHP? You won't see the Redis option for cache or session. Though maybe the UI could present disabled options instead of not showing them at all to improve discoverability, otherwise it's a useful mechanism to keep folks from setting a configuration that will crash a site.

User avatar
ceford
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 109
Joined: Mon Feb 24, 2014 10:38 pm
Location: Edinburgh, Scotland
Contact:

Re: Beta 2, frontend login error: security token did not match

Post by ceford » Fri Jul 03, 2020 9:33 am

Thank you again for that clarification. I have added this to the Global Configuration Help page:
Other handlers (APCu, Memcached, Redis, and WinCache) all rely on optional PHP extensions and may be available if your system supports them. APCu or WinCache may be no better than the "plain" filesystem option. The Memcached and Redis handlers are overkill for Joomla in a typical shared hosting environment. Those types of handlers succeed if you are deploying Joomla in a load balanced environment where multiple servers are involved and you need the session data for the application to be available across all servers.
Gems of information to anyone wondering what these terms mean, including me!


Post Reply

Return to “Joomla! 4 Related”