[NOT A BUG] Invalid Token

[Sanyh]

Hello

Often i see error on billing admin pages: Invalid Token

[leemason]

yes i too see this quite often after updating. a quick page refresh and then trying again solves it, but can be a real pain if you where writting a ticket response.

 

this needs addressing

[zomex]

Yeah I've seen this a couple of times and lost ticket replies too The only time I see it if if I stupidly use the login as client feature while I'm replying to a ticket in another tab.

[Idealws]

I have this same issue. Really sucks when you have a long response to a ticket and it gets erased. I have learned I have to copy the ticket text before submitting in case this happens which is pretty often.

[fdohmann]

Same here, getting used to copying the text before submitting.

[caminoz74]

Same issue here.... big pain

[JLChafardet]

I confirm this bug.

 

only happens when the "login as client" feature is used and active.

 

it goes away if you close the tab where you are loged in as client.

[websavers]

Last I heard from Matt about this issue where you login as client, overwriting the token that was valid when you loaded the ticket, was as follows:

 

Ah ok yep, I think you might be on to something there. It does look to be that the issue is when you login as client, as that is issueing a new token salt for the client login. Let me check into what we can do about this.

 

Hopefully there'll be a patch soon.

[Jacob]

As I said earlier, the fix exists. Contact WHMCS Support and try to get it...

 

I get the issue when trying to delete certain product types from a client, in this case it's a Virtual Server from my own WHMCS account.

[epretorious]

No, this error does not "[only happen] when the 'login as client' feature is used and active." e.g., Immediately after installing WHMCS (i.e., After deleting the ./whmcs/installation directory but before making any configuration changes) ./whmcs/admin/configgeneral.php complains "Invalid Token" whenever I attempt to update any of the system settings (i.e., General, Localisation, Add Client, etc).

 

Eric Pretorious

Truckee, CA

Edited March 18, 2013 by epretorious

[Matt]

You will see this error message any time the CSRF protection detects a form post submission within the admin area that has an invalid token value. CSRF protection prevents unauthorized form submissions from being made and is a security feature of WHMCS.

 

The only cause for you to see this error during normal operation is if your PHP session times out and clears between the time when you first load the page and when you submit the information on it. To avoid it, if you've been sitting on a page for a long time before you are ready to submit, simply refresh it first before you submit to ensure it has a current and valid token value.

 

Matt

[jin]

Matt this happens to me all the time now.

 

I can be on a page for under 3 seconds and as soon as I try to submit a form I get the invalid token, no way am I timing out in 3 seconds.

 

It doesn't matter where I am submitting/saving the form.

[WHMCS Chris]

Matt this happens to me all the time now.

 

I can be on a page for under 3 seconds and as soon as I try to submit a form I get the invalid token, no way am I timing out in 3 seconds.

 

It doesn't matter where I am submitting/saving the form.

 

Jin,

 

Can you open a ticket and reference this forum post so we can take a look?