Hi, after upgrade GRAV from 1.1.3 to 1.1.4 and modules login, email, form and admin plugins to actual versions i got still Invalid Security Token for admin login. I tried to clear cache but no success… Also our own plugin for login stopped working. Is there any known issue which cause that? Thanks for replay. F.
Well, I’ve just downgrade back to GRAV 1.1.3 from backup and all logins work fine.
Did you only downgrade Grav or the admin too? Trying to work out what could be the issue. The security token code has not changed.
The forms code has changed, so if you have custom forms, you might need to check the form is formatted correctly.
Hi, I downgraded only GRAV, all plugins are up to date. It’s probably some kind of issue with sessions, which we use in our plugin which also stopped working. So now I tried to upgrade via admin to 1.1.4 and the same issue is back. Login not possible with Invalid. So the problem is in GRAV core. Thanks for solving. We can leave it as 1.1.3 a do not upgrade, but I wanna have always the latest version. 
Is there any change with $_SESSION variable handling?
Well, we found the issue. We have set session.secure to true on http site. But worked with this setting till 1.1.4 upgrade. Probably fixed bug with secured session.
We did fix a bug with overlapping session cookies. This probably is what triggered it.