I am using whmcs for a long time but 2 days ago my licence was suspended due to unknown reason, now its unsuspended but i was unable to login, it shows "INVALID CSRF PROTECTION TOKEN". i have tried my best but not resolved .
Asked
Active
Viewed 3,911 times
2 Answers
2
I realized this was related to another issue with sessions which I was having. That article states that the issue comes up for 1 of 2 reasons:
- The configured session tmp path not being writeable
- The configured session tmp path being full
After doing phpinfo(), I realised my session.save_path was pointing to a non-existent directory. Had to edit my php.ini and set its value to /tmp.
Issue fixed.
Cedric Ipkiss
- 5,662
- 2
- 43
- 72
-
1It is very important to figure out the reason why it happened. Your answer is best suited and more reasonable. Thumbs up! – Prateek Jan 21 '22 at 14:08
-
I had the same issue but was discovered by the admin user never logs in, the admin page just refreshes and asks for credentials again. Thanks! – Rami Alloush Oct 18 '22 at 21:57
1
From WHMCS forum post, they suggest to disable Session IP Check.
Setup > General Settings > Security tab
Or from phpmyadmin, run this SQL statement:
UPDATE `tblconfiguration` SET `value` = 'on' WHERE `setting` = 'DisableSessionIPCheck'
wesamly
- 1,484
- 1
- 16
- 23
-
1But issue is that I am using whmcs 7.4, to open setup tab it need to provide password. – Nadir Hussain Apr 01 '18 at 09:27
-
Create a test.php file and add phpinfo(); into it and see the session path, and make sure that path is writable. Refer to the answer by @Cedric Ipkiss. – Prateek Jan 21 '22 at 14:09
-