Jump to content
  • 0

The Form Token Is Invalid. Error

L3Y

Asked by L3Y,

 Share

Question

L3Y Newbie

L3Y

Posted
Posted

Hi,

 

I have the error "The form token is invalid" everywhere (admin and client area).  Nobody is able to work and no customer are able to login.  Need to fix this asap :wub:

 

Symptoms :

 

  • We did not made changes on the server : still the same php still the same apache.
  • There is absolutely no errors in the logs (server side, and blesta)
  • If i change Configure::set("Blesta.verify_csrf_token", true);  to Configure::set("Blesta.verify_csrf_token", false); then i am just unable to login.  It doesn't work more. When the csrf tokens are disabled, and i try to login, it doesn't let me login, but it doesn't show any error either. And there is no errors in the logs, server side.
  • I also tried to disable modsecurity and enable log reporting with Configure::errorReporting but it still don't change anything, and i still don't see any errors, and i am still unable to login.

Recent changes made in Blesta :

  • The problem started 1 day after i upgraded Blesta from 3.4.0 to 3.4.3 - don't think it's related since yesterday, it was working fine for all day.
  • Yesterday, we enabled phpids after the Blesta upgrade : please advise on how to disable this through the mysql command line if you want me to test without phpids.  I don't know if this issue may be related or not with phpids.

 

Someone know a solution? :rolleyes:

 

Thank you,

Carl

8 answers to this question

Recommended Posts

  • 0
L3Y Newbie

L3Y

Posted
  • Author
Posted

Hi,

 

Instead, i disabled the plugin in the plugin table :

 

mysql> select * from plugins;
+----+------------------+------------+---------------------+---------+---------+
| id | dir              | company_id | name                | version | enabled |
+----+------------------+------------+---------------------+---------+---------+
|     | phpids           |          1 | PHPIDS              | 1.1.0   |       0 |
+----+------------------+----------

 

.but it still doesn't work.

 

Something else i can try / look?

  • 0
Michael Apprentice

Michael

Posted
Posted

Hi,

 

Instead, i disabled the plugin in the plugin table :

 

mysql> select * from plugins;

+----+------------------+------------+---------------------+---------+---------+

| id | dir              | company_id | name                | version | enabled |

+----+------------------+------------+---------------------+---------+---------+

|     | phpids           |          1 | PHPIDS              | 1.1.0   |       0 |

+----+------------------+----------

 

.but it still doesn't work.

 

Something else i can try / look?

 

dno I delete the rows myself lol.

 

Try turning Blesta's errors on: /config/blesta.php

 

Configure::errorReporting(-1);
  • 0
L3Y Newbie

L3Y

Posted
  • Author
Posted

Hi,

 

I just tried with

 

Configure::errorReporting(-1);
 
...still no luck : there is no errors on the login page, and there is no errors in the logs upon login.
 
I am trying with csrf disabled. 
 
If i re-enable the csrf check then i am getting a token error.  Without csrf i have nothing (no error, no login).
 
Thank you,

Carl
  • 0
Michael Apprentice

Michael

Posted
Posted

 

Hi,

 

I just tried with

 

Configure::errorReporting(-1);
 
...still no luck : there is no errors on the login page, and there is no errors in the logs upon login.
 
I am trying with csrf disabled. 
 
If i re-enable the csrf check then i am getting a token error.  Without csrf i have nothing (no error, no login).
 
Thank you,

Carl

 

 

Sounds like a file or folder is missing try re-uploading a fresh 3.4.3 full zip and see if that fixes it I recommend FTP or SSH.

  • 0
L3Y Newbie

L3Y

Posted
  • Author
Posted

Hi,

 

i tried this already 2 times.  still the same.

 

I noticed if i disable the csrf it seems like the password is validated, cause if i use the wrong password, then i am getting a username / password error.

 

But if i try with the correct password then i just don't get any error.

 

weird :wacko:

  • 0
L3Y Newbie

L3Y

Posted
  • Author
Posted

Hi,

 

If someone else get the same error, please have a check on :

 

session.cookie_domain

 

in the php.ini file.

 

Problem fixed : hope this post will be useful  for someone, someday

 

I was all confused, because i am coming from another well know billing solution i won't even pronounce  :rolleyes:    As a result : i may think it's Blesta's fault, but it's an evidence for me now : Blesta just cannot have a bug.  :blesta:

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...