Log in | Register
  1. Forum
  3. Discontinued Products
  5. JFBConnect v8.x Support (Joomla 3 Only) (CLOSED)
  7. Login - invalid security token

Topic-icon Login - invalid security token

Active Subscriptions:

None
9 years 8 months ago - 9 years 8 months ago #59519 by eSilverStrike
I get the following error sometimes on my site that uses the latest version of Joomla:

"The most recent request was denied because it contained an invalid security token. Please refresh the page and try again."

This happens even if I hit the refresh on the browser. The only way to fix it is I clear the cache in the Admin section.

I have the system page cache plugin enabled (but not set to use the Browser Caching) along with Conservative caching under Global configuration.

I am using the SCLogin module (latest version of it and JFBConnect) for logins with caching set to "No caching". You can see it on my site Review Chatter available at the login link at the top on the orange bar.

Does anyone know why this is happening? Are not the security tokens stored with the module which I have disabled caching for. By refreshing the browser only should fix the problem and not clearing the entire site cache since the login module is not cached in the first place.
Last edit: 9 years 8 months ago by eSilverStrike.
The topic has been locked.
Support Specialist
9 years 8 months ago #59534 by alzander
Page Caching stores a caches a copy of the whole contents of the page so that it doesn't need to regenerate it for the next user. If the token is stored in that HTML, then it will be invalid for the next user that sees it.

The Page Plugin *tries* to scan the page for tokens and replace them each time the page is sent to the new user, but it's not perfect. Generally, we recommend not using the System - Cache plugin because page caching leads to all sorts of issues on sites with various different extensions. Can you try with the standard Joomla mod_login and see if you see the same behavior? Alternatively, try disabling the System - Cache plugin and leave the Conservative caching setting enabled in the Global Configuration to see if that fixes things.

Thanks,
Alex
The topic has been locked.
Active Subscriptions:

None
9 years 8 months ago #59536 by warchop
I'm not sure why...but I don't experience token issues when I'm browsing Incognito or Private.
The topic has been locked.
Active Subscriptions:

None
9 years 8 months ago #59539 by eSilverStrike
I never had so much trouble with caching with a CMS as I have had with Joomla :-)

Okay I just did my tests again. What I did for each set of tests was:

- Clear the cache
- Login as a user
- Logout
- Login as same user (then get token error)

Here are the results:

Fails
- Used SCLogin module with System- Page - Cache enabled (global cache set to conservative)
- Used SCLogin module with System- Page - Cache disabled (global cache set to conservative)
- Used SCLogin module with System- Page - Cache enabled (global cache off)

- Used regular module form with System- Page - Cache enabled (global cache set to conservative)
- Used regular module form with System- Page - Cache disabled (global cache set to conservative)
- Used regular module with System- Page - Cache enabled (global cache off)

Works
- Used SCLogin module with System- Page - Cache disabled and Global Cache Off
- Used regular Login module with System- Page - Cache disabled and Global Cache Off

I also use JCH Optimize Pro and jQuery Easy but these shouldn't affect the token issue.

Turning the cache off is not really plausible for me as my site then takes over 4x longer to load.

Any ideas how to fix this? And why is stuff like security tokens being cached? I have both login modules set to not cache.

Would using a cache component like JotCache solve my issue?

Thanks

Tom
The topic has been locked.
Support Specialist
9 years 8 months ago #59561 by alzander
Unfortunately, I don't have any good answers for you. Since you're seeing the exact same behavior with the standard Joomla login module as you are with our SCLogin module, it means it's not an issue with our extension. There's something more underlying that's causing the problem to multiple login modules.

If your site takes 4x as long to load, I'd recommend going through everything you have setup. Disable any plugins you aren't using/don't need and delete modules that aren't being used. Caching shouldn't be necessary for standard page loads, it really should only be a resort to use when your site grows large enough that there's too much demand to generate each page. Beyond that, you may want to contact your host to determine why it's so slow (or consider switching hosts).

For figuring out the token issue, I'd recommend a process of elimination. Disable JCH Optimize or any other caching/optimization features and see if the problem persists. Narrow down which extension/features are causing the problems and figure out how to fix things from there.

I hope that helps give you some ideas,
Alex
The topic has been locked.
Active Subscriptions:

None
9 years 8 months ago #59576 by eSilverStrike
Just an update on the issue. It is still a problem but I can confirm disabling JCH Optimize and jQuery Easy had no affect. I did find one problem (an IIS bug where specifying localhost as your DB server instead of 127.0.01) which has sped up the site at least 2x so that is a bonus.

BTW my login page and registration page (where you can also login) work fine, it is just the login module which has the issue.

While my site does not have heavy traffic at the moment caching is a must. I am using JReviews which does a lot in the back ground calculations and DB requests (especially for the number of fields I have). The information doesn't change much over time (new stuff gets added every couple of days) so there is no reason I cannot use the page cache.

I have a support request in regarding the login issue since it does also affect the regular login module with the people who supplied my template. Whatever the fix may be, I will update this topic.
The topic has been locked.
Support Specialist
9 years 8 months ago #59601 by alzander

I did find one problem (an IIS bug where specifying localhost as your DB server instead of 127.0.01)

Yes, using a socket vs a TCP/IP connection is definitely a common optimization.

BTW my login page and registration page (where you can also login) work fine, it is just the login module which has the issue.

The login page is a bit different in how it operates, so I'm not terribly surprised. The most important fact is that both SCLogin *and* the Joomla login module have the same issue, which means it's something native to the site and not specific to SCLogin.

While my site does not have heavy traffic at the moment caching is a must. I am using JReviews which does a lot in the back ground calculations and DB requests (especially for the number of fields I have). The information doesn't change much over time (new stuff gets added every couple of days) so there is no reason I cannot use the page cache.

I understand, but JReviews does it's own caching and storing of computations. Most of the calculations aren't done every time a page loads. In general though, the Page Cache plugin can be very problematic to sites, and that was my main point.

I have a support request in regarding the login issue since it does also affect the regular login module with the people who supplied my template. Whatever the fix may be, I will update this topic.

Definitely keep us posted if the template provider finds anything. I don't know what more we can do since it's a general login error, but if there's something they recommend to investigate for the SCLogin module, we'll gladly help look into it however we can.

Thanks,
Alex
The topic has been locked.
  1. Forum
  3. Discontinued Products
  5. JFBConnect v8.x Support (Joomla 3 Only) (CLOSED)
  7. Login - invalid security token
From the Blog
Facebook | Twitter | LinkedIn | Blog RSS