Form and admin plugin failing with Invalid Security Token

In configuring I thought that I had messed up form after the upgrade to 1.0.5 . So I blew the entire site away and re-installed. However, it seems that Form is broken - when installing the admin plugin I get “oops something went wrong” when creating the user. So I worked around this with the CLI. Now login fails with “Invalid Security Token”.

Is this a bug that has been introduced or something that I am doing wrong please?

Can you please check that all your plugins are also updated to the latest versions? bin/gpm update should do the trick.

If that is still happening, zip your site and send it to me over a Gitter PM. I’ll check it out. Is that Linux? which PHP version?

I have the exact same symptoms.

When it didn’t work with my site I was trying to update, I tested it on an unmodified extraction of the .zip downloaded.

PHP 5.5.9

I ran bin/gpm upgrade for good measure.

I figure it has got to be something about my testing webserver’s config, but I followed the Requirements in the documentation as best I could.

OP: did you ever find the culprit?
Anyone: any more ideas?

Also run a bin/gpm update as well as selfupgrade. The issue is one of your plugins is out of date.

I’ve ran both of those successfully.

This is happening to me even with an unmodified fresh download. It prompts for an new admin user, which doesn’t work. If you create one with bin/plugin login newuser and try to login I get the invalid token.

Since it is from a completely unmodified files I figure it is my server config, but I think I’ve followed the documentation.

hmm… that’s pretty odd. can you create an issue on the Grav admin repo with as many details as you can provide and we’ll get to the bottom of this:

Sorry - I’ve been out of net access for a while - just got back to this:

  1. did the gpm update, no luck
  2. blew away the entire server directory and re-installed and get “Oops there was a problem, please check your input and submit the form again.” when creating the first user in Admin
    I am creating a bug against plugin-admin

@rhukster - thanks SO much for your help

Bug created:

For me I have found that it works in Chrome and Firefox, but fails with the symptoms described in IE 11 and Edge on Windows 10. It didn’t occur to me that it could be an issue with browsers until now. I put the server in trusted sites, but it has the same behavior.

I’m using Chrome…

I really need to get a zip file of an entire site that is having this invalid security token issue. Please PM me if you can provide it.

Will do. Will take a couple days (family), but will PM you immediately I have it.

Sounds like cached JS issue to me. Try clearing your browser cache.

Chrome Version 47.0.2526.106 (64-bit) running on MacOS. Incognito mode does the same thing.
Clear Cache - same thing
Firefox - same thing
Now - Move off of our Corporate network and go to guest only and it all works! I have also noticed that using Corporate Network means that I cannot login to Rochen - it seems that IP Addresses are just jumping around and being randomly assigned on each request… WOW.

We might have a fix for this with the latest version of Grav + Admin. We now support reverse proxy in our nonce calculation. So give it a whirl!