Ho to avoid error "Security token has expired, so action has been canceled"

Hello,
lately I get the message “Security token has expired, so action has been canceled. Please try again.”
I believe (I read) that this happens after enabling a custom module,
However, I cannot understand how the module can generate such an error.
I did a search but, in the “custom” folder, I can’t find any occurrences of the string “token” and not even $ _SESSION.
I have updated version 14 to 15, but the problem persists.

Hello,

the handling of the security token mechanism has to be (correctly) implemented by the custom modules. Therefore, it does not help to update Dolibarr to get rid of the error message. Please use modules, which are tested with and released for the Dolibarr version you are using. If you know which module contains the bug, you should contact the author/seller of the module for a fix.

Honestly, the suspect is one of the modules I created :slight_smile:
I am doing some tests disabling / re-enabling the single modules, but since the error does not seem to appear immediately, and it’s difficult to spot, I ask:
I understand that the problem is related to the $ _SESSION [‘token’] variable and I don’t see the use of that variable in the modules, how can I solve the problem?

The modules can make function calls which then renew the session token, so they do not use the variable directly. I remember having seen a description of what exactly to do in an own module to handle this properly but could not find it so far. If I come across it, I will let you know.

Found a link which might be helpful to better understand the problem:
Reported Bug - Expired Security Token · Issue #16626 · Dolibarr/dolibarr · GitHub

Thanks a lot.
Iit seems like a complex situation to check on many modules :slight_smile:
I start from the link you suggested