Invalid security token #893
Was it a one time issue? Can you log back in at all? |
I can log back in. It happens quite frequently, but at random intervals. For example, I wrote my first test page, pressed the save button, a red error popped up on the right side for a second, and then I was instantly logged out. After the next login, I saved the page correctly, went to configuration, a red message showed on top saying invalid security token, and after pressing save, I was logged out again. All logs are empty. |
Is there any chance to test with another WAMP solution? How about Uniform Server (http://www.uniformserver.com/) as it doesn't invade your programs folder? |
Or MAMP? |
Yes MAMP is even better because I just tested that, and it "Just Works" with grav. No messing about with configuration options. |
MAMP is not relevant; the security token issue also happens on my production environment (webhosting). I am not able to write a modular page; it keeps logging me off. It is annoying. |
On a webserver it's strange - can you try accessing the page in incognito/private mode, or clearing the cookies / cache, to make sure there is no conflict with your local environment? |
I get this on every form in the g5_hydrogen appearance forms:
On other system forms, or when creating a blog page and more "normal" admin forms, I don't see this error. It appears to happen when
If there is some other better diagnostics I can provide please let me know. |
@tenken can you PM me your user/ folder at https://gitter.im/flaviocopes to recreate this quickly? |
Checked @tenken issue but no token issue came up.. |
Switching to this docker image using Apache seems to work fine: Nginx based docker images in the wild seem to break the Hydrogen theme saving. |
Am having same issue as @tenken using Nginx. |
@JordanMajd you're using a Gantry theme? |
Nginx users: please update nginx.conf:
|
Alright, original issue from the first post is different, re-opening the issue. |
I am having the same problem, but I am using lighttpd. I am assuming I should add a lighttpd equivalent rule to the one mahagr posted? What should that rule be? |
For me shift-refreshing wouldn't make it go away but going to another admin section and back home caused it to disappear. Nginx. |
Having the same issue with Apache. The issue seems somewhat random. |
shift-refresh doesn't help, nor does clearing cookies. The issue is consistent, I can't save any gantry settings at all :( |
Have the same issue randomly with Apache and WAMP |
Are you all using a Gantry based theme??? |
Grav issue in my case |
We need to find some common thread because we can't replicate this issue. |
Other than popping up in the Admin interface, is the error logged by PHP? Where does it emanate from, and what calls it? |
For me, the admin just logs out randomly. I am not using a Gantry based theme. Setting the 'secure' option under 'Configuration->session' seems to have fixed it (Still testing) although I am not using https, so it seems odd. Update: that did not fix the issue, just ran into it again. |
@rhukster: In my case, it is a gantry based issue yes. |
@itsociaal are you sure that query parameters are being passed to grav? |
I can get it to work if I comment out lines 74-76 in Gantry's router.php:
Gantry still doesn't behave 100% perfect then, but it's 99% usable if I comment out those 3 lines :) |
Yup, and by doing that you will basically allow CSRF attacks against your site. From this, your issue really looks identical to the issues above: your server does not pass the query string to PHP. I don't know the fix for lighttpd, maybe some googling helps? |
Thanks for the tip, I managed to solve the issue for lighttpd hosts:
to
So it passes the query string correctly. It also solved some other small problems gantry seemed to be having. |
@flaviocopes PING! ^ |
@itsociaal can you test this PR? getgrav/grav#1393 |
@flaviocopes, that is indeed the exact change I had made to my config, except I do not have grav installed in a folder, so I removed the '/grav_path/' path from it. It seems to work just fine now, I haven't encountered any weird issues so far :) I still need to comment lines 74-76 in gantry's router.php to get gantry to play nice, but I assume that's purely a gantry issue. |
Uhm.. if you still need that change in Gantry, it's not fixed then. The webserver config change should have resolved the issue. |
You are 100% correct. I did indeed revert the changes in router.php. I did a clean install in the default location (/grav_path/), and somehow it seems to prevent me from going to /admin now. I am getting a 404 not found error. The frontend works fine with the change though. If I change the config so that grav is installed in the root (without /grav_path/ in the url), it works fine with the change. |
This is what i get too. |
The problem seems to be the router in grav: it will get confused if the path includes a complete URL including the query string, and it will try to load the wrong URL/route.
This seems to work so far for me on both installs of grav, 1 in the root and 1 in a subfolder. |
Saw this error twice in the first login to Admin panel. Second login works fine. Grav 1.2.2 |
@Sogl That is the purpose of the error, really. It blocks access if you have a security token that is too old or if the token doesn't belong to you. This prevents other users from doing random tasks as you in the admin. |
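
The failure mode discussed in this thread, as an added Python model that is not part of any comment here and is not Grav's or Gantry's code: a token bound to a session and a timestamp is rejected when it is too old or belongs to someone else, and a web-server rewrite that drops the query string makes a valid token look missing. The parameter name `nonce`, the secret, the one-hour lifetime and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
MAX_AGE = 3600                       # assumed token lifetime in seconds


def _mac(session_id, action, ts):
    msg = f"{session_id}|{action}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_nonce(session_id, action, now=None):
    """Return 'timestamp.mac', bound to one session and one action."""
    ts = str(int(time.time() if now is None else now))
    return ts + "." + _mac(session_id, action, ts)


def check_nonce(nonce, session_id, action, now=None):
    """Return 'ok', or the reason the token is rejected."""
    if not nonce:
        return "missing"
    ts, _, mac = nonce.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return "malformed"
    expected = _mac(session_id, action, ts)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "not yours"
    current = time.time() if now is None else now
    if current - int(ts) > MAX_AGE:
        return "too old"
    return "ok"


def front_controller(url, keep_query):
    """Model of the server rewrite to index.php: the params the app sees."""
    query = urlsplit(url).query if keep_query else ""  # misconfig drops it
    return {k: v[0] for k, v in parse_qs(query).items()}


def handle_save(url, session_id, keep_query, now=None):
    """Admin 'save' handler: reject unless the nonce verifies."""
    params = front_controller(url, keep_query)
    return check_nonce(params.get("nonce"), session_id, "save", now)
```

With the query string dropped, every save returns "missing" no matter how fresh the token is, which is why the fix belongs in the web-server rewrite rule and not in the token check.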
@ghost Where could I find the vhost.conf on an Apache shared hosting without ssh access? There seems to not be such file. |
I use ngrok service for creating tunnels to my localhost site from internet, but can't login to admin from url like |
I'm using traefik as my reverse proxy server. When connecting it to my grav "backend" I'm getting the Finally I found the error: in my traefik config I need to configure the |
@drewisdorner Thanks for the tip, works great with Traefik. |
Hello, I just made a clean install of the latest grav, 1.1.9, everything is up to date, it is running on Windows 10 with WAMP server. I created the first user account, logged in, turned on the debug bar and after saving, I got an Invalid security token error and then I was logged out. No other error is shown, the log folder is empty. Any help please? Thanks