Update on “Invalid Nonce” error on login with Ultimate Member

Same problem here. We tried soooo many things – all in the area on not caching the login page. But nothing helped. Very annoying.

Any help is highly appreciated.

Hi @stefanmeier @jamesiwate

Please update your Ultimate Member to the latest version and clear all caches. The error message “Invalid Nonce” appears if the page with a form is cached.

You should never cache pages “Login”, “Register”, “Password Reset”, “Account”, “Profile”. These pages may work wrong if cached.

If you are using any caching plugin then please look at hosting and site settings and disable caching for these pages. Some hosting providers have the caching feature enabled by default. Please look at the server settings if your hosting has a site control panel or ask the hosting support for assistance.

Hi @stefanmeier @jamesiwate

Could you please tell us if Asif’s instructions revolve around the issue on your end?

Feel free to re-open this thread if there’s any question that may come up.

Regards,

Hi @champsupertramp ,

The issue is not resolved, I am waiting to here back from the Server administrator about the hosting settings. I have confirmed that the login page is indeed being cached even though I set the my caching plugin to exclude it.

Also, the problem has worsened. Now, I cannot even log out of some sites on my multisite!

I will update the thread when there is a resolution.

Could you leave this thread as unresolved?

James

• This reply was modified 4 years, 1 month ago by james.iwate.

Hi @jamesiwate

May I know if can you see the settings where you can change the topic status to Not Resolved at the left side corner of this page?

Regards,

We use apache and caching instructions in .htaccess:

<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType text/css "access 1 month"
	ExpiresByType text/html "access 1 month"
	ExpiresByType image/gif "access 1 year"
	ExpiresByType image/png "access 1 year"
	ExpiresByType image/jpg "access 1 year"
	ExpiresByType image/jpeg "access 1 year"
	ExpiresByType image/svg "access 1 year"
	ExpiresByType image/x-icon "access 1 year"
	ExpiresByType application/pdf "access 1 month"
	ExpiresByType application/xhtml-xml "access 1 month"
	ExpiresByType application/javascript "access 1 month" 
	ExpiresByType text/x-javascript "access 1 month"
	ExpiresByType application/x-shockwave-flash "access 1 month"
	ExpiresDefault "access 1 month"
</IfModule>
<ifModule mod_headers.c>
	<filesMatch "\.(ico|jpeg|jpg|png|gif|swf|pdf|svg)$">
		Header set Cache-Control "public"
	</filesMatch>
	<filesMatch "\.(css)$">
		Header set Cache-Control "public"
	</filesMatch>
	<filesMatch "\.(js)$">
		Header set Cache-Control "private"
	</filesMatch>
	<filesMatch "\.(x?html?|php)$">
		Header set Cache-Control "private, must-revalidate"
	</filesMatch>
</ifModule>

We have no idea how to exclude single pages. We’ve tried using meta pragma no-cache headers but this seems not to solve the issue.

Any ideas how exclude individual pages from caching (using .htaccess)?

Hi @stefanmeyer2 @jamesiwate

Could you please confirm to your hosting provider what cache module they have installed on your server? Are you using varnish cache?

Hi Everyone,

I’m a first timer here and a new utimate member user. Like all of you I’ve been roaming for a solution to the ‘Invalid nonce’ and I think I’ve found it:
Go to the Ultimate Member Settings and under the ‘Misc’ tab, tick ‘Disable Cache User Profile’ and don’t forget to Save Changes.

I’m running W3 Total Cache and suspect that the Ultimate Member caching is clashing with it.

I hope doing this will fix it for all of you. let me know how you get on.

Same problem for me. Hosted by the french wp-serveur company, nginx cache. The login page is reported as “not cached” by their caching tool… but the “invalid nonce” error remains.

• This reply was modified 4 years, 1 month ago by xgougeon.

Hi @cer0c

Thanks for letting us know how you resolve the issue.

Does anyone try what @cer0c suggested?

Regards,

Hi, here is an update to my update.

First, I realized that for some reason my caching program was not disabling cache so we wrote the following into the httpd file on the server. These are paths that are supposed to be cached.

<IfModule mod_cache.c>
CacheDisable https://mysite/login
    CacheDisable https://mysite/logout
    CacheDisable https://mysite/wp-.*\.php
    CacheDisable https://mysite/index\.php
    CacheDisable https://mysite/register
    CacheDisable https://mysite/user
</IfModule>

However, we are still sporadically receiving the invalid nonce error. It seems like the error has decreased in frequency, but it id difficult to know for sure.

Are there any other pages or URL strings I should disable caching for?

Second, a user received an “invalid nonce” error when uploading a picture to her profile. I have tried @cer0c ‘s suggestion of disabling the user cache under misc on the Ultimate member settings panel on the dashboard.

Third, someone recommended that I use the login form from WPLogin plugin. I can do this by uploading the plugin and changing the shortcode on the ultimate member login page. If this problem persists, I might do that. I have tried it on my test site.

I wonder why this happens with ultimate member but not the normal way of logging in on WordPress.

Hi @jamesiwate

Could you please try this pre-release version of Ultimate Member?

We’ve made some changes for the cache. Let’s see if this resolves the issue on your end.

https://drive.google.com/file/d/1-6jx7D2I2BNqdWc04FqSRYXP-dTx08pb/view?usp=sharing

Regards,

@champsupertramp ,
Thank you for this. I have a lot of classes today but will test it by Monday and let you know how it goes!

@champsupertramp , Unfortunately, I updated to the pre-release version but the problem still persists. Aside from not caching the login page, does ultimate member have any recommended server cache settings?

Hello, I thought I would provide one last update. I am not confident enough to say the issue is completely resolved because I, myself, got the invalid nonce error once yesterday, but, to my knowledge, over 100 site users have not received this error in two weeks. Here is what I did:

First, my cache plugin was not disabling cache. Therefore, I have to write the following into the httpd file of the server to make sure cache was disabled for the login pages

<IfModule mod_cache.c>
CacheDisable https://mysite/login
    CacheDisable https://mysite/logout
    CacheDisable https://mysite/wp-.*\.php
    CacheDisable https://mysite/index\.php
    CacheDisable https://mysite/register
    CacheDisable https://mysite/user
</IfModule>

Second, after doing this, I was still having problems (When I clicked on the ulitmate member ‘logout’ button; I would not be logged out). I deleted the site data on my browser and turned off all the plugins except ultimate member. This seemed to resolve the problem.

Third, I had some code in my ipconfig file that made it possible for the superadmin to visit the dashboards of various sites on the multisite without logging in. I deleted this code. This caused the “invalid nonce” error to disappear on the child sites of my multisite. The bad code is below:

define( 'COOKIE_DOMAIN', '');
define( 'ADMIN_COOKIE_PATH', '/' );
define( 'COOKIEPATH', '' );
define( 'SITECOOKIEPATH', '' );*/

Ultimate member seems to have updated its login.php form on June 1, 2020, that is when my invalid nonce problems began.

Again, I did get the error yesterday accessing my site on a browser I seldom use(google chrome) on my mac. I do not know if the reason for this was because I had not deleted the browser cache after resolving the issue with the site or if there is still a problem. However, I am marking this issue as resolved as currently, I cannot replicate the error.