Sorry, logging in from a different domain is not permitted. Please try again.

I am ALWAYS getting the above listed error whenever I try to log in. I have 3 different accounts set up. And ALL get the same response.

This is my build as of today: Release - 1.8.18, Version - 2014110100

Anyone out there have any thoughts, similar issues or suggestions.

  • It means the domain where your login form is showing is not the same as the domain you have configured in elgg.  Usually this is due to having www set for one and not the other

    eg. - login - configured in elgg


    Configure elgg to use the protocol you want, and use .htaccess redirect to force users to use that system.

  • also i used to get this with 1 of the anti spam plugins cant remeber which one lol try disabling them see what happens it was not captcha or recaptcha

  • At present, we are still in our infancy stages, since we dumped Oxwall to go with Elgg. Which is to say, we are not running any "anti-spamming" (Boy, that's a lot of junk users to delete) plugins or widgets yet.

    But I will have my tech guy look into things.

  • could just be the position of a certain plugin doing this though the main reason i think is as matt said

    eg. - login - configured in elgg

     i think that will solve your problem straight away

    edit the .htaccess it's a very quick fix wont take long problem solved : )

  • FYI I would not recommend running Elgg with open registration without good spam plugins in place. We are changing Elgg to closed registration by default.

  • Hey guys... I appreciate whatever feedback you have given thus far. Now before I pretend to be any kind of backend webmaster or code-geek. Is the code below, the correct string to add at the bottom of the .htaccess file? Or have I goofed up in full technicolor mode? ;)

    # Redirect for login
    RewriteCond %{HTTP_HOST} .
    RewriteCond %{HTTP_HOST} !^
    RewriteRule (.*)$1 [R=301,L]

    To confirm whats happening, here is a sample account any of you are welcome to try

    username: NikkiBaldera

    password: hotnikki

  • I think these lines should be added above the other RewriteRule lines in your .htaccess file.

  • To iionly: Here is exactly what I did bro. And when I try and login, it simply acts like a refresh, with nothing happening. If I then click on an account to look at it, the following line is visible in bright red near the login box: Form is missing_token or_ts fields.

    Below is the "rewrite" portion of the .htaccess file that I modified, with everything in the expected order.


    # If your users receive the message "Sorry, logging in from a different domain is not permitted"
    # you must make sure your login form is served from the same hostname as your site pages.
    # See for more info.
    # If you must add RewriteRules to change hostname, add them directly below (above all the others)

    RewriteEngine On
    RewriteCond %{HTTP_HOST} .
    RewriteCond %{HTTP_HOST} !^crossovermagazine\.com
    RewriteRule (.*)$1 [R=301,L]

    # In for backwards compatibility
    RewriteRule ^pg\/([A-Za-z0-9\_\-]+)$ engine/handlers/page_handler.php?handler=$1&%{QUERY_STRING} [L]
    RewriteRule ^pg\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/page_handler.php?handler=$1&page=$2&%{QUERY_STRING} [L]
    RewriteRule ^tag\/(.+)\/?$ engine/handlers/page_handler.php?handler=search&page=$1 [L]

    RewriteRule ^action\/([A-Za-z0-9\_\-\/]+)$ engine/handlers/action_handler.php?action=$1&%{QUERY_STRING} [L]

    RewriteRule ^cache\/(.*)$ engine/handlers/cache_handler.php?request=$1&%{QUERY_STRING} [L]

    RewriteRule ^services\/api\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/service_handler.php?handler=$1&request=$2&%{QUERY_STRING} [L]

    RewriteRule ^export\/([A-Za-z]+)\/([0-9]+)\/?$ engine/handlers/export_handler.php?view=$1&guid=$2 [L]
    RewriteRule ^export\/([A-Za-z]+)\/([0-9]+)\/([A-Za-z]+)\/([A-Za-z0-9\_]+)\/$ engine/handlers/export_handler.php?view=$1&guid=$2&type=$3&idname=$4 [L]

    RewriteRule xml-rpc.php engine/handlers/xml-rpc_handler.php [L]
    RewriteRule mt/mt-xmlrpc.cgi engine/handlers/xml-rpc_handler.php [L]

    # rule for rewrite module test during install - can be removed after installation
    RewriteRule ^rewrite.php$ install.php [L]

    # Everything else that isn't a file gets routed through the page handler
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^([A-Za-z0-9\_\-]+)$ engine/handlers/page_handler.php?handler=$1 [QSA,L]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/page_handler.php?handler=$1&page=$2 [QSA,L]

  • I followed the link to your site now and it seems your site url is "". The error message should therefore originally only appear if someone tries to log in using "" (= without "www"). As explained on you have to add the lines

    RewriteCond %{HTTP_HOST} ^crossovermagazine\.com
    RewriteRule ^(.*)$$1 [R=301,L]

    to your .htaccess. The location in .htaccess you added the lines to is correct. But you added the lines to redirect from "www" to "non-www" instead of redirect from "non-www" to "www" as necessary in case of your site.