Help, Cannot Login - No _CSRFToken exists error

16 posts by 6 authors in: Forums > CMS Builder
Last Post: January 21, 2015

By theclicklab - January 1, 2015 - edited: January 1, 2015

Cannot login in any browser. I have read through all the other posts on this and have tried the following:

In settings.dat.php, tried changing:
'checkReferer' => '0',
'session_save_path' => 'xxxxxx',

In htaccess, tried adding:
php_value session.gc_maxlifetime 3600

PHP Info:
Version: 5.3
PHP Safe Mode: off
Register Globals: off

Not running Spambot Email Protector either. 

Suggestions?

By gregThomas - January 2, 2015

Hi theclicklab, 

This is probably happening because the session that contains the user's _CSRFToken (which is used to prevent Cross-Site Request Forgery) is being unset. There are a couple of things you could look into to fix this:

  1. Try setting a directory to store your session data in; you can do this in the CMSB General settings area (see attached). On some hosting services the session files are deleted extremely often by the server unless you store them in a directory you can control.
  2. CMS Builder is set up so that session cookies remain for 24 hours, but some servers ignore this and use their own session limits. You might have to contact your hosting company and see if you have access to the session.gc_maxlifetime variable:
     `ini_set('session.gc_maxlifetime', 3600);`

You could also try disabling the `Check Referer` check box in the General Settings of the CMS, and see if this makes a difference, although your CMS backend will be slightly less secure if you do this.

If none of these items work, you can fill out a second level support request here: 

https://www.interactivetools.com/support/email_support_form.php

and we will take a look into what is causing the issue.

Thanks,

Greg

Greg Thomas
PHP Programmer - interactivetools.com
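
One way to check whether PHP session data survives between requests on the host, which the session-stored _CSRFToken described above depends on. This is an added example, not code from the thread or from CMS Builder; the file name `session_check.php` and the `diag_marker` session key are assumptions, and it sticks to PHP 5.3 syntax.

```php
<?php
// session_check.php (hypothetical name): added diagnostic, not part of CMS Builder.
// Load it twice in the same browser. The second load shows whether data written
// to the session on the first request survived, which is what a session-stored
// CSRF token depends on. It prints server paths, so delete it after testing.
$cookieSent = isset($_COOKIE[session_name()]);  // did the browser return the session cookie?
session_start();                                // must run before any output
header('Content-Type: text/plain');

// Effective values after php.ini, .htaccess and host-level overrides are applied.
$names = array('session.save_handler', 'session.save_path', 'session.gc_maxlifetime',
    'session.cookie_lifetime', 'session.cookie_domain', 'session.cookie_path',
    'session.cookie_secure');
foreach ($names as $name) {
    echo str_pad($name, 26) . var_export(ini_get($name), true) . "\n";
}

// For file-based sessions, confirm PHP can write to the storage directory.
if (ini_get('session.save_handler') === 'files') {
    $dir = preg_replace('/^.*;/', '', session_save_path()); // drop optional "N;MODE;" prefix
    if ($dir === '') {
        $dir = sys_get_temp_dir();              // assumption: empty path means system temp dir
    }
    echo str_pad('save dir writable', 26) . (is_writable($dir) ? 'yes' : 'NO') . " ($dir)\n";
}
echo str_pad('cookie sent by browser', 26) . ($cookieSent ? 'yes' : 'no') . "\n";

if (isset($_SESSION['diag_marker'])) {
    $age = time() - $_SESSION['diag_marker'];
    echo "RESULT: session persisted; marker stored {$age}s ago.\n";
} elseif ($cookieSent) {
    // A cookie came back but no data was found: the session was lost server-side
    // (or the cookie is left over from an older, expired session).
    $_SESSION['diag_marker'] = time();
    echo "RESULT: cookie received but session was empty; marker stored, reload again.\n";
} else {
    $_SESSION['diag_marker'] = time();
    echo "RESULT: no cookie received; marker stored, reload this page.\n";
}
```

The script does not load settings.dat.php, so it reports the host's own PHP session configuration (including any .htaccess `php_value` overrides that apply to its directory), not values CMS Builder sets at runtime.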

By theclicklab - January 11, 2015

Hi Greg, Just a follow up on this... have tried the following in settings.dat.php:

'checkReferer' => '0',

'session_save_path' => '/directory/path/',

I can see the session files being stored in this directory and they are not being deleted.

I get the _CSRFToken immediately on login on all browsers. 

I also have a support ticket in #RDJ-694185

By claire - January 12, 2015

Thanks very much for posting this! I'll update your ticket.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By mizrahi - January 15, 2015

I am also experiencing the same issue. Should I submit a second level support ticket?

By claire - January 15, 2015

Hi there - yes, please do. I'm still troubleshooting this and having another test case would be great.

--------------------

Claire Ryan
interactivetools.com


By mizrahi - January 15, 2015

Done. Thanks.

By theclicklab - January 15, 2015

FYI, our host also tried to fix this by adding the following to our htaccess file, but the error still exists:

<IfModule mod_php5.c>
#Session timeout
php_value session.cookie_lifetime 86400
php_value session.gc_maxlifetime 86400
</IfModule>

By mizrahi - January 16, 2015

Any updates on this? I am in a bit of a bind with one of my sites. I need to push some updates live today.