Security token has expired - Dolibarr Installation

rcedxb · January 28, 2025, 3:21pm

Hi,
I have freshly installed dolibarr version 20.0.3 to my hostgator hosting plan.
I have used Softilicious (provided by HostGator).
Following are the details of the specification.
Mysql Version 8.4.0
PHP 8.2 (ea-php82)
While logging in, Dolibarr faces the error “Security token has expired, so action has been canceled. Please try again”
Can anyone help me with this error?

Gribaudo · January 30, 2025, 9:50am

There are many threads on this forum regarding this error, try giving them a look
There is no single solution, maybe try disabling third-party modules.

rcedxb · February 2, 2025, 11:48am

There are other threads … I have been to all of them… can’t find the one where we don’t have access to the files that are handled only by the hosting admins.

XAXYXAX · February 5, 2025, 11:18am

I have the same error, cant even log in to the dolibarr. Tried to change crsf checks and idk

jonbendtsen · February 5, 2025, 5:18pm

which version of dolibarr and php? @XAXYXAX

caos30 · February 5, 2025, 7:14pm

Understanding Dolibarr’s Security Token System

The security token feature was implemented in Dolibarr a few years ago as a protection mechanism against automated bot attacks, particularly those attempting brute force submissions on web forms.

Current Limitation

When working with multiple browser tabs in Dolibarr, you may encounter a “security token” error message when trying to submit forms from different tabs simultaneously. This occurs because:

Each click within Dolibarr generates a unique security token
Only the most recently generated token is considered valid
Forms opened in different tabs contain different tokens, but only the latest one will be accepted

Technical Explanation

The system works as follows:

Every internal button click or menu link generates a new unique security token
This token must match when submitting a web form
The validation is tied to the browser session
You can work simultaneously using different browsers (e.g., Firefox, Chrome) without issues, as each maintains its own session

Troubleshooting Steps

If you’re experiencing token-related issues in circumstances where you shouldn’t have the problems explained above (for example trying to login to Dolibarr), follow these steps:

Disable all third-party modules
Verify if the problem persists
Re-enable modules one at a time to identify the problematic one(s)

Important Note

Third-party plugins that haven’t been updated in the past two years probably don’t handle security tokens correctly. It’s recommended to keep all modules updated to their latest versions to ensure proper functionality.

This information should help you understand and resolve any security token-related issues in your Dolibarr installation.