Help, Cannot Login - No _CSRFToken exists error
16 posts by 6 authors in: Forums > CMS Builder
Last Post: January 21, 2015 (RSS)
By theclicklab - January 1, 2015 - edited: January 1, 2015
Cannot login in any browser. I have read through all the other posts on this and have tried the following:
in settings.dat.php tried changing:
'checkReferer' => '0',
'session_save_path' => 'xxxxxx',
in htaccess tried adding:
php_value session.gc_maxlifetime 3600
Php Info:
Version: 5.3
PHP Safe Mode: off
Register Globals: off
Not running Spambot Email Protector either.
Suggestions?
Hi theclicklab,
This is probably happening because the session that contains the users _CSRFToken (which is used to prevent Cross-Site Request Forgery) is being unset. There are a couple of things you could look into to fix this:
- Try setting a directory to store your session data in, you can do this in the CMSB General settings area (see attached). On some hosting services the session files are deleted extremely often by the server unless you store them in a directory you can control.
- CMS Builder is set up so that session cookies remain for 24 hours, but some servers ignore this and use their own session limits, you might have to contact your hosting company and see if you have access to the session.gc_maxlifetime variable:
-
ini_set('session.gc_maxlifetime', 3600);
You could also try disabling the `Check Referer` check box in the General Settings of the CMS, and see if this makes a difference, although your CMS backend will be slightly less secure if you do this.
If none of these items work, you can fill out a second level support request here:
https://www.interactivetools.com/support/email_support_form.php
and we will take a look into what is causing the issue.
Thanks,
Greg
PHP Programmer - interactivetools.com
Thanks Greg, I have tried all those options. I have submitted a support request. Many Thanks
Hi Greg, Just a follow up on this... have tried the following in settings.dat.php:
'checkReferer' => '0',
'session_save_path' => '/directory/path/',
I can see the session files being stored in this directory and they are not being deleted
I get the _CSRFToken immediately on login on all browsers.
I also have a support ticket in #RDJ-694185
By claire - January 12, 2015
Thanks very much for posting this! I'll update your ticket.
Claire Ryan
interactivetools.com
Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
By mizrahi - January 15, 2015
I am also experiencing the same issue. Should I submit a second level support ticket?
By claire - January 15, 2015
Hi there - yes, please do. I'm still troubleshooting this and having another test case would be great.
Claire Ryan
interactivetools.com
Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
FYI, Our host also tried to fix this by adding the following to our htaccess file, but error still exists
<IfModule mod_php5.c>
#Session timeout
php_value session.cookie_lifetime 86400
php_value session.gc_maxlifetime 86400
</IfModule>
By mizrahi - January 16, 2015
Any updates on this? I am in a bit of bind with one of my sites. I need to push some updates live today.