khtims75 Posted May 31, 2017 Share Posted May 31, 2017 I am no longer able to save any settings, add any clients, make any payments, or make any changes at all in WHMCS right now. It just keeps logging me out and when I log back in it says Invalid CSRF Protection Token. I have googled this and reviewed other answers in the forums and they did not work for me. I have tried: 1. adding session_name("WHMCS"); to the configuration.php file 2. disable Session IP Check under Setup > General Settings > Security tab 3. upgrading to newest version The first one just made it worse. It put me in a logging in loop. I had to log in and then verify my password and then log in again then verify password. Just a loop. The second two options could not be done because of the error I am asking about, Invalid CSRF Protection Token. This will not allow me to do those two things. How can I fix this issue? My client area (WHMCS) is at http://client.websmithguy.com. Any help is appreciated. 0 Quote Link to comment Share on other sites More sharing options...
Fernis Posted June 11, 2017 Share Posted June 11, 2017 Did you get this resolved. I am having the same issue. 0 Quote Link to comment Share on other sites More sharing options...
roger_richards Posted August 1, 2017 Share Posted August 1, 2017 I have the same problem - just started happing in the past month. I am still on the "latest" version of WHMCS 6 - will migrating to 7 fix it? 0 Quote Link to comment Share on other sites More sharing options...
AffordableDomainsCanada Posted August 2, 2017 Share Posted August 2, 2017 (edited) Setup >> General >> Security >> CSRF Token >> Disable Edited August 2, 2017 by AffordableDomainsCanada 0 Quote Link to comment Share on other sites More sharing options...
isdoo Posted September 1, 2017 Share Posted September 1, 2017 Have this also after the most recent update. Currently disabled the token. Any thoughts? 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Developer WHMCS Andrew Posted September 1, 2017 WHMCS Developer Share Posted September 1, 2017 You shouldn't be adding any session name to your configuration.php file, this can actually break the session. From the description, it does sound like a session issue. Perhaps your session save path isn't read/writable? I'd also suggest opening a ticket and our support guys can look at this for you. 0 Quote Link to comment Share on other sites More sharing options...
Sajibe Kanti Posted March 23, 2021 Share Posted March 23, 2021 From Server Terminal php -i | grep session.save_path Then Set this Value in php.ini File & Get Fix 0 Quote Link to comment Share on other sites More sharing options...
ipkiss Posted May 11, 2021 Share Posted May 11, 2021 I realized this was related to another issue with sessions which I was having (https://help.whmcs.com/m/troubleshooting/l/678268-troubleshooting-login-problems). That article states that the issue comes up for 1 of 2 reasons: Quote - The configured session tmp path not being writeable - The configured session tmp path being full After doing phpinfo(), I realised my session.save_path was pointing to a non-existent directory. Had to edit my php.ini and set its value to /tmp. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.