A new client emailed us back on Saturday (today is Monday), and told us that he was seeing the famous (and dreaded) Invalid Token error whenever he tried to login to his Joomla website. He told us that the whole thing happened all of a sudden. He assured us that he didn’t install a new extension, he didn’t modify the settings of an extension, and he didn’t even add/update anything on his website in the past few weeks.
Of course, our first guess was that the website was hacked, so we did a thorough scan to the website, and it was as pure as the driven snow. Our second guess was a recently installed plugin, but there were none. So we disabled all the non-core plugins, and we still had the problem. Our third (and obvious) guess was Joomla caching, but there was no type of Joomla caching enabled.
So, we started debugging the problem by echoing messages in core files (just to narrow down the problem), and while doing that, we noticed something interesting, our changes were not reflecting immediately. Could it be? So, we did additional tests, and we were able to confirm that aggressive caching was being used by the host. So, we called the host and we were told that Varnish Caching was being used for that website, and so we asked them to disable it (they reluctantly agreed). Once Varnish Caching was disabled, everything worked perfectly, and the Invalid Token issue was resolved.
If you are having an Invalid Token error when you are trying to login to your website, then check our previous post about it. If it doesn’t work for you, then check with your host whether they are using server caching (such as Varnish Caching) for your website. If they do, then ask them to disable it. If they refuse to disable it, then maybe it’s time to move to a new host. If the problem has nothing to do with server caching, then all you need to do is to contact us. We are eager to help, our fees are super affordable, and we always find a solution.