Working with Joomla website you can see the Invalid Token error message. In this post we’ll describe the error and offer some way of solving it.
What are Tokens anyway ?
Tokens first made their way into Joomla with Joomla 1.5.3. They were introduced as a security feature for forms. For any form submitted on a Joomla website, a token was expected to be passed. If this was incorrect or missing, you’d get an Invalid Token error. This is really good as it thwarts Spam & hack attempts.
What’s affected ?
All forms in Joomla are affected by this. This error was more noticeable in the Login & Registration forms as these are the most used.
Why are we getting Invalid Token Errors ?
There are many reasons for you to get this error, and here’s a list of the most common ones:
Expired cookie: The cookie that Joomla expects you to have has expired. Deleting your cookies and trying to login again will fix the problem.
- Disable caching entirely. This is a two step process:
- Login to your Joomla control panel, go to Site, Global Configuration, System, and click on “No” next to Cache under Cache Settings and
- Disable the System cache plugin, by going to Extensions,Plugins, and then search for the System – Cache and click the checkbox next to it, and finally click on Disable on the top right.
- Fix the code for the login (or the other feature you’re having problem with) yourself, by commenting out the check for the token.
In form file locate the following code:
<input type="hidden" name="<?php echo JUtility::getToken(); ?>" value="1" />
and replace it with
<?php echo JHTML::_( 'form.token' ); ?>
Using legacy mode (Joomla 1.0 mode): Using Joomla in Legacy mode is known to cause this problem. Just disable the legacy mode plugin.
Using legacy code for checking for tokens: Some versions of Joomla/Joomla templates feature some legacy code to check for tokens. This code needs to be changed. Here’s how to fix this problem:
- Open up the file /modules/mod_login/tmpl/default.php and change the line <?php JUtility::getToken(); ?> to <?php echo JHTML::_( ‘form.token’ ); ?>
- In many cases, the login module is overridden by the template, so you need to check the code in your template there to see if it’s using the JUtility::getToken(); and change it to the JHTML::_( ‘form.token’ );
Disabled cookies on browser: If cookies are disabled on your browser then you will definitely see this problem. Enabling cookies will fix it.