Elgg 1.8.15 causing login errors

I have been facing login issues ever since I upgraded to 1.8.15. I get the following messages when I try to login:

1. Sorry, logging in from a different domain is not permitted. Please try again.

2. At times it will try to login and redirect to a home page without loggin in and no error messages.

3. It shall give incorrect username/password message

If I go to activity page and do a login, it lets me in.

None of these issues happen on me development server but they happen on production server. 

Any pointers? 

I also saw this message in firebug:

XMLHttpRequest cannot load http://domain.com/es/ajax/view/js/languages?language=en. Origin http://www.domain.com is not allowed by Access-Control-Allow-Origin

  • Problems due to 3rd party plugin used that might not be fully working in Elgg 1.8.15 anymore?

    Or: http://docs.elgg.org/wiki/Login_token_mismatch_error

  • I have tried the aboe fix but it did not work. Not sure why this works on my local machine but not on the production sever.

  • Can I get someone's attention on this please. Everything was working fine till 1.8.12 and my upgrade has caused this issue. I have tried the above lines in the .htaccess but did not work. Can someone point out the right configuration to me please?

    My site url is example.com and I am using the following

    RewriteCond %{HTTP_HOST} .

    RewriteCond %{HTTP_HOST} !^example\.com

    RewriteRule (.*) http://example.com/$1 [R=301,L]

    Also, I am running elgg in a sub-directory of the web root so it is


    I tried using the rewritebase but it still did not work.

    Anyone willing to share their working configuration?


  • Where have you added the lines in .htaccess? If you added them below any other Rewrite rules, it won't work. Check out your .htaccess file and compare it with htaccess_dist included in Elgg 1.8.15. If there are any differences (apart from your own modifications) you should first upgrade your .htaccess file to include any changes that were introduced in Elgg 1.8.15. Then search for the following comment lines in your updated .htaccess file:

    # If your users receive the message "Sorry, logging in from a different domain is not permitted"# you must make sure your login form is served from the same hostname as your site pages.# See http://docs.elgg.org/wiki/Login_token_mismatch_error for more info.


    # If you must add RewriteRules to change hostname, add them directly below (above all the others)

    The Rewrite rules from http://docs.elgg.org/wiki/Login_token_mismatch_error need to be added immediately after these comment.

    If it still does not work: do you use any 3rd party plugins that might interfere the login (e.g. Twitter login, Facebook login etc.). They might not be fully compatible with Elgg 1.8.15.

  • Not matter what I do, this does not work. If I understand the issue correctly, the login token mismatch issues happens only when you try to login from a different domain like example.com instead of www.example.com etc. Now my issue is that after the upgrade I cannot login no matter what URL I use, example.com or www.example.com. I have added the line, disabled all plugins etc. but nothing works. Interestingly when I do a fresh install, it works. This makes me think that there is something else going on possiblly in the database, session emtries or what not. Anyone have any idea why such a thing would happen. I looked over the code action.php and it seems to detect a cross domain probability and hence throws an error. Would the forms or token generated might have to do with something here.

  • Maybe the upgrade itself caused the problem. It could be that a file or files were not completely copied to the server or not copied at all. You could copy / overwrite everything again with version Elgg 1.8.15 of Elgg.

    Also: have you executed upgrade.php after copying the files to the server to finish the upgrade?

  • The brand new installation of 1.8.15 works but upgrade does not. I finally gave up and have reverted back to 1.8.12 so I can atleast login normally. Will reserach more to find what the real issue is. 

  • Have you tested the fresh installation of Elgg 1.8.15 with exactly the same 3rd party plugins installed?

  • I have a user that is unable to login - she gets the error mentioned here.  How do I fix this?  Is there something she can do from her end?

    Thank you -


  • @Ica: ask her if she tried already to login to your site using both http://your.site.url and http://www.your.site.url. Also aks her if her browser is configured to allow cookies to be saved. You can also suggest to her to try a different browser to see if it makes a difference. I don't think there's more she could try on her side.