grav-plugin-admin icon indicating copy to clipboard operation
grav-plugin-admin copied to clipboard

Published 20 hours ago verified publisher icon getgrav

grav admin : Invalid Security Token

Open jennmagat opened this issue 2 years ago • 12 comments

Hi please help on my grav issue it keeps logging me out when I clicked any menu.

image

image

jennmagat avatar Sep 29 '21 07:09 jennmagat

i also tried this https://learn.getgrav.org/troubleshooting/invalid-security-token

jennmagat avatar Sep 29 '21 08:09 jennmagat

Hi from some days I get the same problem "Invalid Security Token", the problem happens after 1 days from the last login. it is a bug of grav cms not from php, I use other cms each days without any problems. on my local server all is ok in the first day but if I wait some time to do the next login I get this error.

I tried to remove all cookies from chrome

to fix this problem I need to remove the account file and recreat it to get the login or use the comand bin/grav clearcache

is it possible to fix this problem?

bye

maofree avatar Nov 12 '21 18:11 maofree

We typically don't see this error unless the site has been left in a logged-in state and you try to do some action and haven't logged back in yet. On the login page, this happens if is the token (that is generated for the login page form) expires.

There is a keep-alive call that should keep the session active when editing pages, but it don't think it is fired on non-content editing pages.

rhukster avatar Nov 12 '21 20:11 rhukster

Hi this problem happens also in prestashop's admin, but it is possible to return to the dashboard page and reset the token from a popup alert. with grav the only solution is remove the grav's cache. I get the same problem if I have already done the log out. on my local server I don't use ssl, probably it is due from it

maofree avatar Nov 12 '21 20:11 maofree

do you get this problem if yo close the browser window/tab? Also what version of Grav are you running?

rhukster avatar Nov 12 '21 20:11 rhukster

I don't close the admin tab from chrome, I'm working on many tabs Grav v1.7.24 - Admin v1.10.24

next time I'll try to close the tab

maofree avatar Nov 12 '21 21:11 maofree

Hi is there any fix for this problem ? . i already tried bin/grav clearcache.

jennmagat avatar Nov 12 '21 22:11 jennmagat

Usually just reloading the page in your browser is enough to fix it.

rhukster avatar Nov 12 '21 22:11 rhukster

@jennmagat your original screenshot was with a very old version of Grav (v1.4.5), so first thing to try is to upgrade to latest version.

rhukster avatar Nov 12 '21 22:11 rhukster

hmm thanks for the response. unfortunately we cannot upgrade Grav at the moment due to existing sites currently deployed on 1.4.5 version. was hoping there is something we can revise on code just to fix the issue or skip the token validation? ( I already tried revising the system.yaml )

anyway I will continue exploring more on its code. will also analyze the impact of upgrading our Grav version.

thanks again!

jennmagat avatar Nov 13 '21 02:11 jennmagat

For what it's worth, the invalid security token may, in some cases, be related to additional/unexpected/internal query-string parameters being added to the URL. This is something an http frontend / reverse-proxy may do without one noticing.

drzraf avatar Feb 23 '22 16:02 drzraf

For me, this happens when I try to login through HTTP after I have been logged in through HTTPS. Usually, I have to clean both HTTP and HTTPS cookies to get rid of the error.

progmars avatar May 28 '22 16:05 progmars