Jump to content

Invalid CSRF Protection Token


Recommended Posts

I am no longer able to save any settings, add any clients, make any payments, or make any changes at all in WHMCS right now. It just keeps logging me out and when I log back in it says Invalid CSRF Protection Token. I have googled this and reviewed other answers in the forums and they did not work for me.

 

I have tried:

1. adding session_name("WHMCS"); to the configuration.php file

2. disable Session IP Check under Setup > General Settings > Security tab

3. upgrading to newest version

 

The first one just made it worse. It put me in a logging in loop. I had to log in and then verify my password and then log in again then verify password. Just a loop.

 

The second two options could not be done because of the error I am asking about, Invalid CSRF Protection Token. This will not allow me to do those two things. How can I fix this issue? My client area (WHMCS) is at http://client.websmithguy.com. Any help is appreciated.

Link to comment
Share on other sites

  • 2 weeks later...
  • 1 month later...
  • 5 weeks later...
  • WHMCS Developer

You shouldn't be adding any session name to your configuration.php file, this can actually break the session.

 

From the description, it does sound like a session issue. Perhaps your session save path isn't read/writable?

 

I'd also suggest opening a ticket and our support guys can look at this for you.

Link to comment
Share on other sites

  • 3 years later...
  • 1 month later...

I realized this was related to another issue with sessions which I was having (https://help.whmcs.com/m/troubleshooting/l/678268-troubleshooting-login-problems). That article states that the issue comes up for 1 of 2 reasons:

  • Quote

     

    • - The configured session tmp path not being writeable
    • - The configured session tmp path being full

     

     

After doing phpinfo(), I realised my session.save_path was pointing to a non-existent directory. Had to edit my php.ini and set its value to /tmp.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated