Skip to main content
Token verification failed. Please go back and try again. Started by radu81 · · Read 13394 times 0 Members and 2 Guests are viewing this topic. previous topic - next topic

Token verification failed. Please go back and try again.

I have this error on one of my elkarte forum, not on both of them. They are hosted on the same server, so not a server error since they both use the same configuration.
I get this error every time I try to edit the add-on settings ( /index.php?action=admin;area=addonsettings). I am not able to make any edits on Add-on settings pages. IIRC a few weeks ago a member already reported a similar error.
Nothing in elk log, what else should I check?
sorry for my bad english

Re: Token verification failed. Please go back and try again.

Reply #1

Are there many manual edit to ElkArte files? Otherwise, you can try to overwrite them with the EA original install which normally disable addons . Also the repair_settings should be able to disable all addons as well. If I remember correctly that is since it has been long time since I was playing with EA.

Re: Token verification failed. Please go back and try again.

Reply #2

What are the file permissions on the index.php file, Radu81?   Fog giggles, try setting it to 0777 and see if that changes anything.

// Deep inside every dilemma lies a solution that involves explosives //

Re: Token verification failed. Please go back and try again.

Reply #3

I don't think changing the index.php permissions to 0777 is a good idea, though you can try, since the complaint is about about editing issue in the addon settings page.

Edited: The issue could be because of your theme or one of the addon. Try reading this:

https://www.elkarte.net/community/index.php?topic=3760.0

You could also try:
Code: [Select]
# 301 REDIRECT HTTP TO HTTPS AND WWW TO NON-WWW
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</IfModule>
Adjust accordingly for your site/forum.
Last Edit: December 24, 2024, 10:50:20 pm by ahrasis

Re: Token verification failed. Please go back and try again.

Reply #4

Quote from: ahrasis – I don't think changing the index.php permissions to 0777 is a good idea, though you can try, since the complaint is about about editing issue in the addon settings page.


quick and simple to try and rule out. I don't know all of what is being changed in the edit but, since he has another forum that is not experiencing the error, he can make a similar change in that forum, see what files were updated (last modified date/time), and then in the other forum 0777 those files, or maybe the whole folder. Probably won't change anything and can be set back to the original permissions, but if it does, well {blush} :zany_face: 
Last Edit: December 24, 2024, 11:18:42 pm by Steeley

// Deep inside every dilemma lies a solution that involves explosives //

Re: Token verification failed. Please go back and try again.

Reply #5

I think it was a cookie problem, I did not do anything, I just used the same browser in incognito mode and everything worked fine.

This could be related to a server change which I did a few months ago. I migrated from Ubuntu 18 to Debian 12, and in that situation I used the repair_settings.php several times. I know Ubuntu 18 reached his eol last year, but that configuration worked so fine for my forum for the last 6 years... Now I'm using a different configuration, on the old vps I used Nginx in front of Apache, now I don't use Apache anymore.
sorry for my bad english

Re: Token verification failed. Please go back and try again.

Reply #6

First, why I think it is not a good idea?
Quotechmod 777: Everything for everyone. This command will give read, write and execute permission to the owner, group and public. chmod 777 is considered potentially dangerous because you are giving read, write and execute permission on a file/directory to everyone (who is on your system). You should totally avoid it.

Second, I could agree that it could be a cookie problem but I could not say anything more. I unfortunately do not think Debian 12 or nginx is the problem.

By the way, the token verification failed could just be nothing too:
Quote from: emanuele – Token failed is "kind" of normal in certain conditions.
The tokens are a security feature that (simplifying) allows to submit a form only once, that way, if you are tricked to submit data of a form by an hacker or so, it's very difficult to get the token right, and most likely you'll face the token verification failed.

Unfortunately, you'll get the same error if for example you submit a form, receive an error and you use the "back" button of the browser to go back, because what happens is:
Elk generates a token and adds it to the form
you submit the form
first thing that Elk does is check if the token is correct, if it is, the token is invalidated and the program proceeds
Elk generates an error maybe because you set something wrong and gives you the "fatal error page" with the "back" button
if you use the browser's back button, you will come back to the original form, but this form contains the token that has been invalidated
you re-submit the form
* Elk verifies the token, but it finds it was invalidated and gives you the "token verification failed" error.

Re: Token verification failed. Please go back and try again.

Reply #7

Quote from: ahrasis –
chmod 777: Everything for everyone. This command will give read, write and execute permission to the owner, group and public. chmod 777 is considered potentially dangerous because you are giving read, write and execute permission on a file/directory to everyone (who is on your system). You should totally avoid it.


One - if there's a permission issue, 0777 will expose it. It will also confirm it's not a permission issue with a file or directory if the problem doesn't go away. Typically, if there's a permission issue, one would then go chase down the cause and fix that. In the end, it can be put back to original (or at least to something less  permissive than 0777 that still works (In my case for example, an update to my server caused attachments to suddenly fail posting. I changed the permissions on the attachment directory from 0755 to 0777 and voilla! 

Two - unless someone has access to the server file system, they're not going to be able to do anything regardless of the permissions settings, and if they do have access to the file system, depending on their status or group they may also be able to change the permissions on a file or directory anyway, right?
(In my case, since the only ones who have access to my file system are me and my host, I just left that folder as 0777.

In this case, I suspect you're right about the token or cookie, although "being nothing" isn't entirely accurate since Radu81 said "I am not able to make any edits on Add-on settings pages.."


// Deep inside every dilemma lies a solution that involves explosives //

Re: Token verification failed. Please go back and try again.

Reply #8

 :cool:

Re: Token verification failed. Please go back and try again.

Reply #9

Sometimes, Cookies just crumble.  :tongue:

Re: Token verification failed. Please go back and try again.

Reply #10

Guess we had to wrap up the thread with a token cliché ..  :rolleyes:

// Deep inside every dilemma lies a solution that involves explosives //