Invalid Token on Joomla Login

If you have been using Joomla for a long time, then it might be that you have faced the dreaded “Invalid Token” when you try to login to the Joomla (on the real website, not the control panel), or when you try to perform other activities, such as voting, submitting forms, etc… In this post we will explain why invalid tokens exist, what might have caused your invalid token problem, and how to fix it.

What are invalid tokens and why do they exist?

Joomla is a CMS that is targeted by spammers. Many spammers try to automatically create an account on a Joomla website, and then they try to automatically login and post some obscenities and/or spam on your website. The Joomla developers figured out a way that will block spammers from doing this, and this way is to assign a cookie to the PC trying to login. If the cookie is not there, then the system will return an “Invalid Token” error. So, in short, tokens (and the “invalid token” error) were created as a first line defense mechanism against spammers. But, as you might have probably guessed, it has side effects…

Why are you getting this invalid token error?

Now since it’s your website and you (or your legitimate users) are trying to login (or vote, or submit a form, etc..) to it normally, then theoretically, you shouldn’t see the “Invalid Token” message. However, since you are reading this post, then you have obviously experienced it! But why? Well, there are many reasons for you to get this error, and here’s a list of the most common ones:

  • Expired cookie: The cookie that Joomla expects you to have has expired. Deleting your cookies and trying to login again will fix the problem.
  • Caching: If we had a dime on how many problems caching creates on a Joomla website, we’d be billionaires! It’s amazing how many conflicts this very useful feature creates in Joomla (maybe the future of Joomla will feature a better caching system?). There are two ways to address the caching problem:

    1. Disable caching entirely. This is a two step process:
      1. Login to your Joomla control panel, go to Site, Global Configuration, System, and click on “No” next to Cache under Cache Settings and
      2. Disable the System cache plugin, by going to Extensions, Plugins, and then search for the System – Cache and click the checkbox next to it, and finally click on Disable on the top right.
    2. Fix the code for the login (or the other feature you’re having problem with) yourself, by commenting out the check for the token. (You may need Joomla Experts to do that for you!)
  • JomSocial: JomSocial is known to conflict with the user login on a Joomla website. There are several ways to solve this problem:

    • Uninstall JomSocial: Just uninstall JomSocial by going to Extensions and then the Install/Uninstall page in your Joomla Control Panel and then uninstall JomSocial.
    • Disable JomSocial plugins: Disable all JomSocial plugins. This will also solve the problem, but will definitely cause problems with JomSocial.
    • Fix the JomSocial code: Again, you may need Joomla Experts to do that for you.
  • Using legacy mode (Joomla 1.0 mode): Using Joomla in Legacy mode is known to cause this problem. Just disable the legacy mode plugin. Warning: This measure may break many other features.

  • Using legacy code for checking for tokens: Some versions of Joomla/Joomla templates feature some legacy code to check for tokens. This code needs to be changed. Here’s how to fix this problem:

    • Just open up the file /modules/mod_login/tmpl/default.php and change the line <?php JUtility::getToken(); ?> to <?php echo JHTML::_( 'form.token' ); ?>
    • In many cases, the login module is overridden by the template, so you need to check the code in your template there to see if it’s using the JUtility::getToken(); and change it to the JHTML::_( 'form.token' );
  • Disabled cookies on browser: If cookies are disabled on your browser then you will definitely see this problem. Enabling cookies will fix it.

Now there are many other ways that may cause the Invalid Token error on your Joomla website. If you have tried all of the above and you still can’t solve the problem, then please contact us and we’ll try our best to fix it for you in a very short time. Don’t worry, our fees are very reasonable and we are super fast!

4 Responses to “Invalid Token on Joomla Login”

  1. Pingback by Are You Suddenly Seeing an Error on Every Page of Your Joomla Website? | itoctopus — February 24, 2012 @ 7:25 pm

    [...] Errors: Joomla errors include the famous “invalid token” problem as well as the component not found error. Joomla errors are raised by the Joomla [...]

  2. Pingback by How to Debug Joomla? | itoctopus — July 30, 2012 @ 11:30 am

    [...] the error is not detailed (such as “invalid token“) or you see something like “Internal Server Error”, then you must change [...]

  3. Pingback by Internal Server Error When Logging In to Joomla’s Frontend | itoctopus — September 4, 2012 @ 11:12 pm

    [...] of our top clients came to us today with the classic “invalid token when logging in to Joomla’s frontend” problem, we thought that it’ll be a straightforward fix, but like all these [...]

  4. Pingback by Joomla’s Own Caching Must Be Fixed! | itoctopus — February 5, 2014 @ 5:32 am

    [...] Many core and non-core features can break when caching is enabled. Such features include: logging in to the website from the frontend, searching the Joomla website, and adding items to your cart (if you’re using [...]

Leave a comment