Joomla 3 Invalid Token error

StackOverflow https://stackoverflow.com/questions/18971468

  •  29-06-2022
  •  | 
  •  

Question

Every time I log into joomla admin I get the following error:

The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.

And the only way I can get to admin section is to go back a page or 2 and I'm in. What could be causing this really annoying behaviour?

I'm running Joomla 3.1.5 with K2.

Was it helpful?

Solution

Seems as though this question is getting a lot of views so here is the solution I came up with to handle token errors. Since seeing the error would likely mean nothing to the user, I wanted to log the user out and redirect token errors to the home page. The only way I could achieve this was with a plugin.

Credit to joomunited.com for the original token interceptor plugin which can be found here.

Here is my modified version which includes a user logout and a redirect to the homepage with a message. Hope this helps!

tokeninterceptor.php:

class PlgSystemTokeninterceptor extends JPlugin
{

    public function __construct(&$subject, $config = array())
    {
        parent::__construct($subject, $config);
        $app = JFactory::getApplication();

        if (($app->isSite() && $this->params->get('use_frontend')) || ($app->isAdmin() && $this->params->get('use_backend'))) 
        {
            register_shutdown_function(array($this,'redirectToHome'));
        }

    }

    public function redirectToHome()
    {
        $content = ob_get_contents();

        if($content == JText::_('JINVALID_TOKEN') || $content == 'Invalid Token')
        {
            $app = JFactory::getApplication();

            if (!JFactory::getUser()->guest)
            {
                $app->logout();
            }

            $app->redirect(JURI::base().'index.php?invalid_token=true');

            return false;   
        }
    }

    function onAfterInitialise()
    {
        $app = JFactory::getApplication();
        $invalid_token = $app->input->get('invalid_token', 'false');

        if ($invalid_token == 'true')
        {
            $app->enqueueMessage(JText::_('JINVALID_TOKEN'), 'warning');
        }

        return true;
    }

}

OTHER TIPS

It's as if you clicked twice and submitted your login a second time:

  • the first login is successful
  • the second will fail (invalid token)

but you're already logged in by the first so you can use the admin.

Some plugins may cause this; and since you are logged in, I guess you can rule off cache.

One of our hosting clients had this issue with his Joomla 3.3.X.

Login to admin loaded a long time before displaying an "invalid security" message.

I pressed Back on my browser and was able to login.

I cleared all caches, upgraded to latest version, changed password and the problem went away.

Don't forget to always use the "logout" option, not just close your browser, when you want to exit Joomla admin.

I will update if client gets back again with same error anytime soon.

Simply press the back button in your browser, and then press refresh!

Simply disable the tokenintercepter plugin. It will work.

I just removed the call to an index.php at the end of the url

ie.

http://www.wwf.org/english_site/administrator/index.php

Now… remove the index.php

and the url should look like

http://www.wwf.org/english_site/administrator/

... that should fix it, and sorry if it did not for you, because it did for me.

Simply press the back button in your browser, and then press refresh! worked for me!

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top