2

Every time I log into Joomla admin I get the following error:

The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.

And the only way I can get to admin section is to go back a page or 2 and I'm in. What could be causing this really annoying behaviour?

I'm running Joomla 3.1.5 with K2.

doovers

7 Answers

3

Seems as though this question is getting a lot of views so here is the solution I came up with to handle token errors. Since seeing the error would likely mean nothing to the user, I wanted to log the user out and redirect token errors to the home page. The only way I could achieve this was with a plugin.

Credit to joomunited.com for the original token interceptor plugin which can be found here.

Here is my modified version which includes a user logout and a redirect to the homepage with a message. Hope this helps!

tokeninterceptor.php:

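<?php
defined('_JEXEC') or die;

/**
 * System plugin: on an invalid-token response, log the user out
 * and redirect to the home page with a message.
 */
class PlgSystemTokeninterceptor extends JPlugin
{

    public function __construct(&$subject, $config = array())
    {
        parent::__construct($subject, $config);
        $app = JFactory::getApplication();

        // Hook in only where the plugin parameters enable it (frontend and/or backend).
        if (($app->isSite() && $this->params->get('use_frontend')) || ($app->isAdmin() && $this->params->get('use_backend')))
        {
            // Inspect the buffered output when the request shuts down.
            register_shutdown_function(array($this, 'redirectToHome'));
        }

    }

    public function redirectToHome()
    {
        $content = ob_get_contents();

        // Act only when the whole output is the invalid-token message.
        if ($content == JText::_('JINVALID_TOKEN') || $content == 'Invalid Token')
        {
            $app = JFactory::getApplication();

            // End the session of a logged-in user before redirecting.
            if (!JFactory::getUser()->guest)
            {
                $app->logout();
            }

            $app->redirect(JURI::base() . 'index.php?invalid_token=true');

            return false;
        }
    }

    public function onAfterInitialise()
    {
        $app = JFactory::getApplication();
        $invalid_token = $app->input->get('invalid_token', 'false');

        // After the redirect, show the token message as a warning on the home page.
        if ($invalid_token == 'true')
        {
            $app->enqueueMessage(JText::_('JINVALID_TOKEN'), 'warning');
        }

        return true;
    }

}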
doovers
  • Thanks... Modified ours to redirect back to the login page instead and show: "Your session has expired." instead of the default (useless to visitor) "invalid token" – hi-tech Nov 06 '14 at 15:11
1

It's as if you clicked twice and submitted your login a second time:

  • the first login is successful
  • the second will fail (invalid token)

but you're already logged in by the first so you can use the admin.

Some plugins may cause this; and since you are logged in, I guess you can rule out cache.

Riccardo Zorn
  • This happens for many reasons, one of which is having a login page open overnight and then logging in the next day. I would assume that browser cache could also cause this issue. – Eoin Jan 22 '16 at 10:02
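
Added example, not part of any answer on this page and not Joomla's own code: a simplified PHP model of a session-bound form token, showing why the two cases described just above (a duplicate login submit, and a login page left open past the session lifetime) both end in an invalid-token rejection. The function names, constants and the token derivation (HMAC over user id and a per-session seed) are assumptions made for the illustration.

```php
<?php
// Simplified model of a session-bound anti-CSRF form token.
// Constructed for illustration; hypothetical names, not Joomla source code.

const SITE_SECRET = 'constructed-demo-secret'; // stands in for the site's secret
const LIFETIME    = 900;                        // assumed session lifetime in seconds

function newSession(int $now, int $userId = 0): array
{
    return ['seed' => bin2hex(random_bytes(16)), 'user' => $userId, 'seen' => $now];
}

// The token rendered into a form depends on the session seed and the user id.
function formToken(array $s): string
{
    return hash_hmac('sha256', $s['user'] . ':' . $s['seed'], SITE_SECRET);
}

// Server-side check of a submitted token; an expired session is replaced first.
function checkToken(array &$s, string $submitted, int $now): bool
{
    if ($now - $s['seen'] > LIFETIME) {
        $s = newSession($now); // old seed is gone, so forms rendered earlier are stale
    }
    $s['seen'] = $now;
    return hash_equals(formToken($s), $submitted);
}

// Successful login: rotate the seed and bind the session to the user.
function login(array &$s, int $userId, int $now): void
{
    $s = newSession($now, $userId);
}

$t = 1000; // constructed timestamp

// Case 1: double submit. Both requests carry the token from the same login form.
$session = newSession($t);
$form    = formToken($session);
$first   = checkToken($session, $form, $t + 5);
if ($first) {
    login($session, 42, $t + 5);
}
$second = checkToken($session, $form, $t + 6); // still the pre-login token

// Case 2: login page left open past the session lifetime, then submitted.
$stale = newSession($t);
$late  = checkToken($stale, formToken($stale), $t + LIFETIME + 1);

var_dump($first, $second, $late);
```

In this model the first login is accepted while the repeated submit and the late submit are both rejected, even though the user in case 1 is already authenticated when the rejection is shown.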
1

One of our hosting clients had this issue with his Joomla 3.3.X.

Login to admin loaded a long time before displaying an "invalid security" message.

I pressed Back on my browser and was able to login.

I cleared all caches, upgraded to latest version, changed password and the problem went away.

Don't forget to always use the "logout" option, not just close your browser, when you want to exit Joomla admin.

I will update if client gets back again with same error anytime soon.

Jef F
0

Simply press the back button in your browser, and then press refresh!

cac
  • Thanks for the suggestion but this is not really a solution to the problem. At the time this was one way of dealing with it but I was more interested in fixing the root cause. – doovers Aug 06 '14 at 19:46
0

Simply disable the tokeninterceptor plugin. It will work.

  • Thank you for the suggestion but this doesn't answer the original question in any way... There is no mention of the token interceptor plugin in the question, only as a solution to the problem. – doovers Dec 03 '14 at 20:32
0

I just removed the call to an index.php at the end of the url

i.e.

http://www.wwf.org/english_site/administrator/index.php

Now… remove the index.php

and the url should look like

http://www.wwf.org/english_site/administrator/

... that should fix it, and sorry if it did not for you, because it did for me.

-1

Simply press the back button in your browser, and then press refresh! Worked for me!

  • 2
    This is not really a solution but rather a reiteration of what the OP found annoying. – Rytis Sep 12 '14 at 11:04