This msg. shows up every time I want to publish a story with Fire Fox. I have posted this issue a while ago but it still persists.
This is how it goes:
Trying to publish a story resluts in a msg. " Security Token is Invalid - Possible session timeout."
I have installed the IE tab and when I switch the rendering engine I do not see the issue. I dont see this issue wiht IE 9 as well.
It is clearly related to FF.
Fire Fox 4.0 updated yesratday and the issue still persists.
glfusion 1.2.1.pl3 and chameleon 2.1.11
I have switched off all the plugins and addons with FireFox and the issue is still there..so its not plug in problem.
When you receive the security token invalid message, are you then able to submit the story? What should happen is you are given another chance to submit when the token has expired.
I'm sure we've been through some of this before, but let's regroup and run through the checklist:
The token check does the following:
1. The token is retrieved from the database. If no token is found, the expired message is displayed. There was a bug that was fixed in v1.2.1.pl5 that would cause this error message when more than one token was displayed on a page. Generally this only affects editing / deleting comments and should not be a problem with story editing. But, I think it would be wise to update to the latest patch level and let's see if this solves the issue.
2. Compares the referring URL with the URL that set the token. For example, when you edit a story the URL used to begin the edit is . When you hit save, the URL that is submitting the form is checked, it should also be in this example. Possible trouble spots: Accessing the site as , but having as the site_url setting (notice the www. difference).
3. Tokens are valid for 20 minutes. If you spend more than 20 minutes editing the story, you will receive the expired message. You should be able to simply hit submit again to recover without any data loss.
I think the best next step would be to update to the latest patch level.
Make sure you are overwriting the older files when FTP'ing up to your site. The version number is stored in lib-common.php (public_html/ directory). If it is still showing .pl3 then it did not get overwritten with the never version from .pl5.
Max - you are getting this error when editing / saving a story?
Savco / Max - Do you guys see the problem if you try a different browser? I'm curious if this is a FireFox only issue...If it works in other browsers, but not in FireFox, the first question I would ask is what add-ons do you have installed? I'm wondering if one of them might be messing with the security token cookies?
I've done some pretty extensive testing with FFv4 and glFusion v1.2.1.pl5 with both Nouveau and Chameleon themes, so fare everything is working as it should. Not to say there isn't a problem somewhere, I'm just having a difficult time recreating it.
There seem to be several IE Tab add-ons, can you tell me specifically which one you are using (name, version, maybe even publisher). I want to test it out here.
My guess is that it is screwing with the cookies used to store the token, especially since you are having the same problem here. I don't think it is anything site related, more with how the browser is handling the cookies.
A quick test would be to disable the add-on and see if the problem goes away. At least then we'll know what it is and can then focus on why.
In Firefox 4 it happens once after re-submitting "Authentication Required" when time-out occurs. It has happened when posting a new story or editing a static page. If I try again right after, it's ok.
I also got a bizarre error when posting a new image to MediaGallery:
MG_saveSWFUpload error: Unable to locate uploaded file. Check your webserver error logs and also make sure your post_max_size and max_upload_size parameters in php.ini are set larger than the file you are trying to upload.
If I try again right after -- it's ok -- just like with stories/static pages.
At one restart of Firefox, my bookmark bar was empty ==> conclusion: my install of Firefox is broken, will uninstall and start clean.
My addons don't get involved during usage: Download Statusbar, FoxClocks, Update Scanner and Web Developer.
OK, I tried with a fresh FF4 and Chrome on another computer and recreated the problem with these steps:
1. Log in
2. Go to Static Pages
3. Wait the 20 minutes for session expiration
4. Click edit a static page -- the user/pass comes up to re-authenticate
5. Save static page (no need to actually edit anything) **security token invalid message**
6. Try to save again. This will work.
Max - what you describe is how it is supposed to work...
Basically, the security token timed out after 20 minutes (by design, they can only live so long or they end up offering no protection). You submit, are told the toke is invalid but you have another chance to submit (with a new, fresh token).
So, it is doing what it is supposed to do. Try the same test, but don't wait 20 minutes, only wait 15 and you should see the save happen just fine without any token errors.