Invalid security token locks out users trying to log in through an email link

by wanderlusted   Last Updated July 30, 2020 06:10 AM - source

I ran into the below problem that blocks my users to log into my site:

When the user needs to log in she gets a notification email with a button that links to the below address:

Joomla changes the above link to the below one, asking the user to log in:

Previously this worked perfectly fine. But since yesterday, my users get the below error message:

"Warnung Der Sicherheitstoken ist falsch. Die Anfrage wurde zur├╝ckgewiesen, um eine Sicherheitsverletzung zu verhindern. Bitte die Seite aktualisieren und erneut versuchen."

I believe this is equivalent to:

"The most recent request was denied because it contained an invalid security token. Please refresh the page and try again"

I think I could find a workaround to the problem: If I log in by typing and THEN click the link in the email, then it seems to be working. However it is super embarassing to ask my users to do so all the time, so I'd like to find a solution to the problem.

I read through the related (lengthy)forums talking about the invalid security token problem and tried the below suggestions, but none helped:

  • Flush cache at the host
  • Flush cache in Joomla
  • Checking if the System - Page cache plugin is disabled (it was disabled)
  • Empty the _session table in the Joomla database
  • Upgrading Joomla to the latest version
  • Fixing the database (Extensions / Manage / Database)
  • Extending the session timeout to 10 hours

As a sidenote: a few days ago I added some new entries to the .htaccess file to redirect the non-www and http requests to https://www. Not sure if this has anything to do with the problem.

It seems that this is not a new issue, but please let me know, if based on the above description, you can suggest anything to fix this in my case.

Thanks, W.

Related Questions

User Login History

Updated June 16, 2015 23:04 PM

Unable to log in to Joomla! front-end

Updated April 11, 2019 17:10 PM

Access Denied, what am I overlooking?

Updated April 30, 2016 08:04 AM