Error: Unable to validate CSRF state

  • Resolved ctrcdaniel

    (@ctrcdaniel)


    2 months ago

    I have disabled Object Cache Pro as suggested from other post. and uploaded the test.php elearning.ct839.com/test.php but i still cannot figure out why this CSRF state error still occurs.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Laszlo

    (@laszloszalvak)

    Hi @ctrcdaniel

    The “Unable to validate CSRF state” error usually occurs if something prevents us from:

    • setting the “SESSnsl” cookie that we use during the authentication
    • accessing the site transients ( so we can not read the data that we stored earlier )

    I checked the login on your site, and we were able to set the cookie, so the problem will be with the transients.

    If you really disabled the object cache, but the problem still occurs then you should check if you have any other caching like Varnish – you should check this with your host. Since if you do, then you will need to exclude both the:

    • “SESSnsl” cookie
    • “?loginSocial” GET parameter in case of the URLs, as that is usually present in all of our requests,

    Server hosts usually have an area where you can manage Varnish, e.g. in case of Cloudways the exclusion works like this:

    Tip: By the way, if your server has prerequisites to run object cache ( the necessary PHP extension and the object cache daemon ), then the object cache shouldn’t cause any problems. Most object cache have a status page, and you should check that for additional information, usually the the connection status will fail if any of the prerequisites are missing. If that is the case, then you should leave the object cache disabled, as that way it won’t improve the performance of your site, instead it will make it slower, as the transients won’t be available.

    Best regards,
    Laszlo.

    Thread Starter ctrcdaniel

    (@ctrcdaniel)

    After adding those exceptions. I can now login to WP with admin account. However, for regular account, it didn’t give me the error message anymore. But it goes back to the login page after redirection.

    Plugin Support Laszlo

    (@laszloszalvak)

    @ctrcdaniel

    I am glad that worked! I checked the login with Google again, and actually we log the user in, so on our end the login happens successfully. After the login with social login, the we redirect the user to your /dashboard page, however it seems in the meanwhile a third party plugin automatically logs you out and it redirects back to the /signin page.

    To figure out what plugin triggers the log out, you should try a plugin/theme conflict test. So you should:

    1. create a full backup of your site
    2. change your theme to a WordPress default one like Twenty Twenty-One
    3. disable all of your plugins except Nextend Social Login
    4. check the login with Google -> if the problem no longer occurs, then the plugin that caused the problem is currently deactivated
    5. start enabling the plugins one by one, or in small groups
    6. repeat step 4-5 until the problem starts occurring again

    Once you managed to find the plugin that causes the problem, please tell us its name and we will take a look at it.

    Thread Starter ctrcdaniel

    (@ctrcdaniel)

    problem solved. it’s the tutorlms limit concurrent user login causing the issue. removed it and solved the issue.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.