cameras in the cloud

this is our weblog. it includes ramblings on the latest in home and business video monitoring, cool gadgets for the home, cloud and mobile technologies, web development, along with other random topics.

30
Nov

How to Solve Invalid Token Error with Joomla

Posted by on in Web Development
  • Font size: Larger Smaller
  • 24 Comments

Have you ever experienced the "Invalid Token" error while looking at a Joomla built website?

Invalid Token

Well if you have, read on. I've seen two different sources of this error:

  1. System cache
  2. Issue with a field validation form

It seems that when users try to log in when they are already logged in you may get an Invalid Token error. Check that your Joomla "System-Cache" plug-in has "Use Browser Caching" set to No.

The other issue is with extensions. It has happened twice to me now that after using an extension that has some form field validation I get "Invalid Token" errors.

Typical Invalid Token messages come from prevention of Cross Site Request Forgery (CSRF). Details of CSRF and the use in Joomla can be found here.

In both of my instances I was able to find the form that was the culprit. It was just a matter of finding the code and making sure it I added this just before closing the form tag:

<?php echo JHTML::_( 'form.token' ); ?>

I'd like to think this is a rare thing to find but in both of my cases it was found in well known Joomla extensions. I've since reported the issue with those extension providers and it's been fixed, but this will undoubtedly keep coming up for others. 

Hopefully this saves you some of the headache.

Tagged in: Joomla

Entrepreneur and Camcloud founder. I'm a 12+ year tech veteran. Former Director of Product Management and Certified Scrum Product Owner (CSPO). I focus on front-end web development with jQuery, HTML5 & cloud infrastructure.


Find me on Twitter

Comments

  • Guest
    Steve Tuesday, 01 January 2013

    I get this error every time i go to log in and fat finger on my password. The last character in my PW is a ! which requires a shift press. And in a hurry if you are still holding down shift when you press enter to submit, it opens the 'submit' link in a new tab/window. Every time this happens to me i get the invalid token error. I simply close the extra tab and re log in and all is well. Hope this helps!

  • Guest
    TIMBER MTB Monday, 11 February 2013

    Thanks, the System-cache fix seems to have resolved this problem for us!

  • Guest
    Julien Sunday, 23 June 2013

    Thanks ! Saved me a load of time. Useful info.

  • Guest
    Monique Friday, 05 July 2013

    Hello, how can I find the form that is the culprit? I'm 98% sure that my problem is not a cache problem...

  • alen
    alen Friday, 05 July 2013

    What are you clicking that is causing this Invalid Token? Is it some sort of form that produces this when you hit a Submit button, for example. You should be able to see what component/module you are in. Message me if your still lost: alen at camcloud dot com.

  • Guest
    Monique Tuesday, 09 July 2013

    It is on a personalized login form module that is integrated with FB. I tried your method, thank you, but it didn't work out. I'll try to see the support for the module.

  • Guest
    HEV Wednesday, 17 July 2013

    Alen,

    It is happening to my site as well.

    Joomla 2.5.11

    I can login but once I log out, I get the Invalid Token message.
    If I wait awhile, I can log back in but once I log out I get the message agian a login.

  • Guest
    Co Hill Monday, 26 August 2013

    My problem is easybook reloaded. Every time that someone tries to enter something in the guestbook we get the invalid token message. System cache is off, I cannot find the problem.

    Unfortunate.

  • alen
    alen Monday, 26 August 2013

    @Co Hill - It's best to contact Easybook reloaded extension developers. I took a quick look at the code and I can see with most forms they apply a token. But I don't see one in site\views\entry\tmpl\commentform.php. Could be the issue but then again I don't see anywhere they check that token with checkToken method. So it is just a theory you should check out with them. Good luck!

  • Guest
    john Saturday, 14 September 2013

    Informative... thanks for sharing this solution regards invalid token error in joomla.


    Joomla Video Player

  • Guest
    joomla video player Saturday, 14 September 2013

    Informative... thanks for sharing this solution regards invalid token error in joomla.

  • Guest
    Ed Andrea Wednesday, 18 September 2013

    I've found a reference that says to add this line to the module form.



    right before the form closing tag. I'd try this but can't seem to locate the form's template. How would find the place to put it?

  • alen
    alen Thursday, 19 September 2013

    Looks like it stripped our the code in the comment form. How ironic ;)

    Locating the forms template is the tricky part. If you know the form that causes the invalid token then just look at the HTML source of the page (before you trigger Invalid Token). Find a keyword in the form such as the id or class and search for that in the extension or entire Joomla code.

  • Guest
    joe Thursday, 10 October 2013

    I have tried locating the source of the error, but nothing :(...will keep trying..thanks for sharing.

  • Guest
    Livingstone Friday, 01 November 2013

    Hello, thanks for the info. The issue of "invalid Token" has really been fixed with the system cache set to No.

  • Guest
    LCFe Thursday, 07 November 2013

    Hi
    Just wondering if anyone has this "invalid security token" error at step 6 of the installation.

  • Guest
    Robert Tuesday, 17 December 2013

    Hai This information useful for invalid token error in joomla...Thanks for this information...
    Joomla Video player

  • Guest
    Emmanuel Wednesday, 08 January 2014

    Error: The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.

    using joomla 2.5 happens when attempting to use save new. in article manager..

  • Guest
    Natasa Tuesday, 04 March 2014

    Please, solution, for the locations in witch script and where in the post form to put this code

  • Guest
    Natasa Tuesday, 04 March 2014

Leave your comment

Guest Saturday, 20 September 2014
Security

We take your security and privacy seriously. Be sure to select a strong password for your account. Read our privacy policy for more information. 
Contact

1-855-519-1530
sales@camcloud.com
support@camcloud.com