cameras in the cloud.

IP camera reviews, news and tips, along with the latest news in home and business video monitoring

How to Solve Invalid Token Error with Joomla

Posted by on in Web Development

Have you ever experienced the "Invalid Token" error while looking at a Joomla built website?

Invalid Token

Well if you have, read on. I've seen two different sources of this error:

  1. System cache
  2. Issue with a field validation form

It seems that when users try to log in when they are already logged in you may get an Invalid Token error. Check that your Joomla "System-Cache" plug-in has "Use Browser Caching" set to No.

The other issue is with extensions. It has happened twice to me now that after using an extension that has some form field validation I get "Invalid Token" errors.

Typical Invalid Token messages come from prevention of Cross Site Request Forgery (CSRF). Details of CSRF and the use in Joomla can be found here.

In both of my instances I was able to find the form that was the culprit. It was just a matter of finding the code and making sure it I added this just before closing the form tag:

<?php echo JHTML::_( 'form.token' ); ?>

I'd like to think this is a rare thing to find but in both of my cases it was found in well known Joomla extensions. I've since reported the issue with those extension providers and it's been fixed, but this will undoubtedly keep coming up for others. 

Hopefully this saves you some of the headache.

Entrepreneur and Camcloud founder. I'm a 12+ year tech veteran. Former Director of Product Management and Certified Scrum Product Owner (CSPO). I focus on front-end web development with jQuery, HTML5 & cloud infrastructure.

Find me on Twitter


  • Guest
    Tim Tuesday, 27 January 2015

    I am having this issue randomly... Right now, it is there again.

    All I can say: Disabling the system cache is NOT a solution! Depending on what kind of website you have, caching is a must-have!

    So "disabling system cache" is not an option for me.
    I tried different things. One attempt was the time zone setting, but it also did not help. Another was using memcache for saving the session, did not help either.

    This is a topic that the joomla core team needs to solve but it seems they do not want to...

  • Guest
    JJS Wednesday, 14 January 2015

    Even in joomla 3.3.6 the problem is there.
    But only had it it with IE11.
    Firefox and chrome are ok.

    disabled the browser cache setting in the plugin and worked well.
    Thanks a bunch!

  • Guest
    resolved Tuesday, 26 August 2014

    Thanks a lot. It's quite informative. I got resolve this token problem by disable the browser cache from the plugin.

  • Guest
    panri Wednesday, 07 May 2014


    I'm having the same problem when using J2XML extension

    As I have my new website ready I would like to export my blog (blogger) into joomla and it is in this process when I get this message. Any thoughts?

  • alen
    alen Thursday, 08 May 2014

    I'd contact the extension developer first. Did you try to locate the issue?

  • Guest
    Natasa Tuesday, 04 March 2014

    Please, solution, for the locations in witch script and where in the post form to put this code

  • Guest
    Natasa Tuesday, 04 March 2014

  • Guest
    Natasa Tuesday, 04 March 2014

    php echo JHtml::_( 'form.token' );

  • Guest
    Emmanuel Wednesday, 08 January 2014

    Error: The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.

    using joomla 2.5 happens when attempting to use save new. in article manager..

  • Guest
    Robert Tuesday, 17 December 2013

    Hai This information useful for invalid token error in joomla...Thanks for this information...
    Joomla Video player

  • Guest
    LCFe Thursday, 07 November 2013

    Just wondering if anyone has this "invalid security token" error at step 6 of the installation.

  • Guest
    Livingstone Friday, 01 November 2013

    Hello, thanks for the info. The issue of "invalid Token" has really been fixed with the system cache set to No.

  • Guest
    joe Thursday, 10 October 2013

    I have tried locating the source of the error, but nothing :(...will keep trying..thanks for sharing.

  • Guest
    Ed Andrea Wednesday, 18 September 2013

    I've found a reference that says to add this line to the module form.

    right before the form closing tag. I'd try this but can't seem to locate the form's template. How would find the place to put it?

  • alen
    alen Thursday, 19 September 2013

    Looks like it stripped our the code in the comment form. How ironic ;)

    Locating the forms template is the tricky part. If you know the form that causes the invalid token then just look at the HTML source of the page (before you trigger Invalid Token). Find a keyword in the form such as the id or class and search for that in the extension or entire Joomla code.

  • Guest
    joomla video player Saturday, 14 September 2013

    Informative... thanks for sharing this solution regards invalid token error in joomla.

  • Guest
    john Saturday, 14 September 2013

    Informative... thanks for sharing this solution regards invalid token error in joomla.

    Joomla Video Player

  • Guest
    Co Hill Monday, 26 August 2013

    My problem is easybook reloaded. Every time that someone tries to enter something in the guestbook we get the invalid token message. System cache is off, I cannot find the problem.


  • alen
    alen Monday, 26 August 2013

    @Co Hill - It's best to contact Easybook reloaded extension developers. I took a quick look at the code and I can see with most forms they apply a token. But I don't see one in site\views\entry\tmpl\commentform.php. Could be the issue but then again I don't see anywhere they check that token with checkToken method. So it is just a theory you should check out with them. Good luck!

  • Guest
    HEV Wednesday, 17 July 2013


    It is happening to my site as well.

    Joomla 2.5.11

    I can login but once I log out, I get the Invalid Token message.
    If I wait awhile, I can log back in but once I log out I get the message agian a login.

Leave your comment

Guest Friday, 04 September 2015

We take your security and privacy seriously. Be sure to select a strong password for your account. Read our privacy policy for more information.