Is this happening on 2.65? 

In /lib/common.php you can log what's happening by adding this code in security_dieOnInvalidCsrfToken()

function security_dieOnInvalidCsrfToken() {

  ### Validate for CSRF Token
  $errors = ''; 
  $token = @$_POST['_CSRFToken'];
  if     (array_key_exists('_CSRFToken', $_GET))      { $errors .= t("Security Error: _CSRFToken is not allow in GET urls, try using POST instead.") . "\n"; }  
  elseif (!array_key_exists('_CSRFToken', $_SESSION)) { $errors .= t("Security Error: No _CSRFToken exists in session.  Try reloading previous page.") . "\n"; }  
  elseif ($token == '')                               { $errors .= t("Security Error: No _CSRFToken value was submitted.") . "\n";  }  
  elseif ($token != $_SESSION['_CSRFToken'])          { $errors .= t("Security Error: Invalid _CSRFToken.") . "\n"; }  
  // 
  if ($errors) {
    @trigger_error($errors, E_USER_NOTICE);
    die($errors);
  }
}

My guess is that the server is erasing your session files after a period of time.  But I'd like to know what the value of $token and $_SESSION['_CSRFToken'] is when you get that error.

If you add the logging you'll be able to record when anyone gets that error.  (And if you need to ensure it doesn't happen just comment out the die temporarily).

Hope that helps!  Let me know what you find out.  Thanks!

No : Cannot login (No _CSRFToken...

Sorry!

function _antiFlood($tableName, $isNewRecord, $oldRecord) {
    if(@$_SESSION['last_session_request'] > time() - 1) {
        die('Thanks to wait a second!');
    }
    $_SESSION['last_session_request'] = time();
}

Do you think that can interfere?

Thanks!

Djulia

The problem occurs mainly when a record is saved.
But, it is always very random

I have just applied this solution:

update /lib/database_functions.php and replace all instances of this:

session_write_close()

with this:

#session_write_close()

http://www.interactivetools.com/forum/forum-posts.php?postNum=2235780#post2235780

Thanks!

Djulia

I have again this problem (error) intermittently (Firefox and Chrome).
Do you have an idea which can direct me towards a solution?

I deactivated the Check Referer option.
Do you think that can help to correct?

Thanks!

Djulia

If you'd like I can upgrade the CMS for you and test and resolve any issues.  Just email me CMS and FTP login details to dave@interactivetools.com (don't post login details to the forum).

My guesses as to the cause are perhaps that a file didn't get uploaded during the upgrade (happens with FTP servers/clients occasionally) or there's a plugin that is interfering with the login process.  But I'm really not sure, we'd have to investigate.

Let me know, thanks!.

Thanks for your follow up.
I continued to searched about the problem and moved to downgrade on more version down (2.53) and the error message disappeared but still not able to log in.

Finally i "refreshed" (factory cleanup) my Firefox from troubleshooting and my problem resolved.
It was definitely something in the browser only.

Thanks again,
Karls

I can't replicate the issue on my local server, can you please send in a Support Request with the log in details, the cms admin url(don't post them here), and what version your Firefox is so we can take a closer look?

https://www.interactivetools.com/support/email_support_form.php?priority=free

Include a link to this forum post for reference.

Thanks,

Nothing worked from the suggested post. The problem is remain from Firefox that i use as developing browser. Chrome is working...

I downgraded the cmsb to 2.63 but the problem is the same...

Karls

Please check out this thread about "Security Error: No _CSRFToken exists in session. Try reloading previous page." issue.

https://www.interactivetools.com/forum/forum-posts.php?postNum=2235000#post2235000

Please let me know if the solution from that thread resolves the issue you were having.

Thanks,

I just finished a new 2.64 final release setup and everything worked fine. After i tried to login from another computer i get Security Error: No _CSRFToken exists in session. Try reloading previous page.

I searched the forum for other related posts but no solution from these applied well for me.

PS1: from Chrome (latest) i can login but from firefox 36 the problem remain (after a full cleanup) the same...

PS2: in the Firefox there is no new cookie creation in the specific website. Every other cmsb works great...

Please advise,
Karls