Invalid CSRF Token Error
Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to send a request to an authenticated web application. CSRF attacks exploit a web application's trust in an authenticated user. A CSRF attack exploits a security vulnerability of a web application (software, scripts, etc.) that cannot distinguish between a genuine user-generated request and a fake-generated request.
In order to prevent CSRF forgery on WISECP, CSRF TOKEN is used in all form fields. In this way, it is easily understood whether the request was sent with the permission and authority of a real user. However, in some cases, the CSRF TOKEN cannot be processed into the SESSION information of the user on the server and the "Invalid CSRF Token" error occurs.
Possible causes and solutions for this are as follows:
- Your "session" directory may not be writable. (High possibility)
Solution: Update the "https://t.wcp.cx/l/TaozSB" field in the "PHP.ini" settings as seen. (It should be seen as marked in the screenshot.)
- Your site may not have a valid SSL certificate.
Solution: Make sure that your site has a valid SSL certificate and that the "Automatic HTTPS" feature in the "Admin Area > Settings > General > Advanced" path is enabled.
- Your disk space may be full.
Solution: Make sure that the disk space allocated for your hosting service is not full. For testing, you can try uploading a file to your site via FTP.
- Any "Security Extension" can be active in your web browser (Chrome, Mozilla, etc.)
Solution: Disable security/optimization related extensions in your web browser and check/test again.
- The cookie settings of your web browser (Chrome, Mozilla, etc.) may be turned off.
Solution: Make sure that the cookie features are not disabled by examining your web browser settings.
If the instructions described above do not work for you, it means that session records cannot be created on your server for a different reason.
We recommend that you seek support from the service provider you receive server service from or a server management specialist regarding your issue.