Login always fails on 1st try (get a token error) always works on the 2nd. Also will not log out properly. Gets confused if using diff logins on the same computer, switches betwen profiles.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Imoutofhere@durangod
Imoutofhere - 0 likes
- Cash@costelloc
Cash - 0 likes
- Voodoo@tbarcier
Voodoo - 0 likes
- Yakiv@Yakiv
Yakiv - 0 likes
- Imoutofhere@durangod
Imoutofhere - 0 likes
- Yakiv@Yakiv
Yakiv - 0 likes
- Yakiv@Yakiv
Yakiv - 0 likes
You must log in to post replies.i think that has something to do with the cookie and the cache, when i use same computer to log into dif accounts i use two dif browsers. what i found is that if i am on firefox as user and ie8 as admin at the same time and i click on a email validation for a test account in my email, it takes me to ie8 admin thats logged in and tells me that i have validated my account while logged into the admin account. I think it has alot to do with the cookie and cache and the way its set up. i think lol
The Elgg wiki is a great place to get answers. Like this: http://docs.elgg.org/wiki/Login_token_mismatch_error
Also, Elgg 1.6 does not support concurrent sessions from the same user. Elgg 1.7 will support that as long as the "remember me" cookie is not used.
Thanks! Problem solved.
@Cash, does Elgg 1.7 fix the issue that Durangod specified?
Also, is there any way to stop this stupid token error on the main index, when trying to login? I have never seen this with any other software and it is just flat-out annoying. Who cares about tokens! That kind of error or non-logging-in action only frustrates users.
As I stated in another thread, I think that the token should only be generated when the user fills out the User ID field and moves to the password field. This could probably be done with JavaScript. Just hitting the home page, not logged in, in my opinion, should not generate this token.
If someone can come up with another alternate idea, so that a person can log in, without throwing the error message (and just getting rid of the error message without logging them in is not good enough!), so that the user has a smooth experience, please share!
Yakiv from your description it sounds like the token is created on index page load when it should actually not be required until they hit the login button, does that sound correct, if that is the way it is i would think (newbe as i am) that moving the token call to the login process rather than just have it load at index startup would be the key. As long as it is early enough in the call process to not affect anything else... makes sence to me but im way green on this..
You correctly understand what I am addressing, I think. Just test it out, here on the community. Clear your cache, come back to the community index (obviously logged out) and let it sit there for over an hour. Then try to log in. You'll get that stupid error about the tokens. Who wants that?!
I just tested it again, on another Elgg site. Here is the error message: