Mautic Community Forums

Invalid CSRF token at install

When attempting to install Mautic I get the following error under Mautic Installation - Environment Check and i cannot get to the next step:

The CSRF token is invalid. Please try to resubmit the form.



When I check the server error log I get the following errors:

20151013T112408: www.website.com/mautic/index.php/s/ajax

PHP Warning: SessionHandler::read(): open(/var/php_sessions/sess_33028e14f2dab7e77692cf5e00c8f707, O_RDWR) failed: No such file or directory (2) in /path/to/mautic/app/cache/prod/classes.php on line 411

PHP Warning: SessionHandler::write(): open(/var/php_sessions/sess_33028e14f2dab7e77692cf5e00c8f707, O_RDWR) failed: No such file or directory (2) in /path/to/mautic/app/cache/prod/classes.php on line 415



any ideas on how to fix this?

So it works for 1.1.3? That’s a good lead. Now we have to figure out what has changed in 1.2.0 that could cause it.

When attempting to install Mautic I get the following error under Mautic Installation - Environment Check and i cannot get to the next step:
The CSRF token is invalid. Please try to resubmit the form.

When I check the server error log I get the following errors:
20151013T112408: www.website.com/mautic/index.php/s/ajax
PHP Warning: SessionHandler::read(): open(/var/php_sessions/sess_33028e14f2dab7e77692cf5e00c8f707, O_RDWR) failed: No such file or directory (2) in /path/to/mautic/app/cache/prod/classes.php on line 411
PHP Warning: SessionHandler::write(): open(/var/php_sessions/sess_33028e14f2dab7e77692cf5e00c8f707, O_RDWR) failed: No such file or directory (2) in /path/to/mautic/app/cache/prod/classes.php on line 415

any ideas on how to fix this?

Seems to me that PHP doesn’t have permission to read the session. Check that with your server provider.

Well I finally just installed an older version 1.1.3, because I, nor the hosting support guy could figure out what the issue was.

Hi, still the same problem with 1.2.2 any solution in the pipline?

Sadly, no. We don’t know what is causing it. It happens only in a couple of community members servers and we (developers) are not able to replicate it on our servers.

Work Around: Commenting out the session cookie domain has allowed me to install v1.1.3. Any idea why this is not valid for Mautic? ; session.cookie_domain = *.neronlineenterprises.com

I’m also getting this “The CSRF token is invalid. Please try to resubmit the form.” error trying to install the latest version 1.2.2. Other applications like WordPress, SPIP installed on this domain are working fine so PHP session settings don’t seem to be the issue.

There wasn’t anything in my error logs when trying to install the previous version.

Now I find this:
[03-Nov-2015 05:23:20 UTC] PHP Fatal error: Class ‘MauticAssetBundleEventListenerFormSubscriber’ not found in xxx/public_html/mautic/app/cache/prod/classes.php on line 2250

I deleted the cache folder and installed again. No joy.

I added the security_local.php and commented out csrf. No joy.
‘main’ => array(
‘pattern’ => “^/s/”,
‘form_login’ => array(
// ‘csrf_provider’ => ‘form.csrf_provider’,
‘success_handler’ => ‘mautic.security.authentication_handler’,
‘failure_handler’ => ‘mautic.security.authentication_handler’,
‘login_path’ => ‘/s/login’,
‘check_path’ => ‘/s/login_check’
),

I installed 1.1.3 and get the same CSRF error.

FYI: PHP Version 5.5.30

@neronline the error says that a class is missing. Could you check your Mautic has this file?:

app/bundles/AssetBundle/EventListener/FormSubscriber.php

If not, make sure all the files were uploaded. I’d do it by removing all files you’ve uploaded and upload Mautic files freshly downloaded from https://www.mautic.org/download/ and unzipped.

Hi,

Just wanted to say thanks for this. I was seeing this same “The CSRF token is invalid. Please try to resubmit the form.” error during the install.

Telling php to use a directory where it had permission did the trick for me.

Hopefully this is helpful to someone else:
I have nginx/php-fpm running mautic and pointing php sessions to a location that nginx had rw access too.

Here is what I did to get it working for me.

# Centos 7
# /etc/php-fpm.d/www.conf
[www]
listen = /var/run/php5-fpm.sock
listen.owner = nginx
listen.group = web
listen.allowed_clients = 127.0.0.1
user = nginx
group = web
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/www/<non-public-directory>/sessions
# Centos 7
chown -R nginx:web /var/www/<non-public-directory>/sessions
systemctl restart php-fpm

Solved!

Based on what jfgrissom said I changed my php.ini file, so I could change the session folder and give it write permission.

I’m not a PHP nor a Linux specialist but I could overpass this error.

I don’t know what will be the side effect of what I did. Hope you specialists warn me if it’s somewhat critical.

Here the steps:

  • I created a new folder on my host environment called phpsessions
  • Set the writeble permissions
  • Changed the php.ini file:

;session.save_path = “/var/lib/php-cgi/session”
session.save_path = “/home/storage/7/9c/c2/mylogin/phpsessions”

Hope it helps…

I wasn’t seeing this error at install, but instead the first time I was logging in after install.

I followed the directions from rafael.aca to get it working (on shared hosting, no less), but I created the phpsessions directory at home instead.

Thank you!

I will proudly provide one occurence in cloud Mautic ! (please help :wink: )

Hi @escopecz , I was able to replicate this issue from a fresh install of Mautic 1.3.1.

“The CSRF token is invalid. Please try to resubmit the form.”

I tried to install Mautic on FortRabbit. And I get this error after clicking on the Next Step button of the very first page.

If it helps, I can give you access to the FortRabbit account which I specifically created for testing Mautic.

Thanks!
Ian

Hello,
We have the same problem, glad to help with the solution.

We updated PHP PHP 5.6.17 and uploaded PDO ovladaře, otherwise Mautic nspustil. Now it all goes only in the logo pops up this error, but the function of Mauticu seems that it has no significant effect.

[02/27/2016 12:33:44] mautic.WARNING: PHP Warning: SessionHandler :: write (): open (/ var / lib / php5 / sessions / sess_v5p6745802pilu7sprn3bkvp71, O_RDWR) failed: No such file or directory (2 ) - in file /xxx/mtc/app/cache/prod/classes.php - at line 415 [] [] [02/27/2016 12:33:44] mautic.WARNING: PHP Warning: SessionHandler :: read (): open (/ var / lib / php5 / sessions / sess_s8cv418psqbol5ug2r678fu382, O_RDWR) failed: No such file or directory (2 ) - in file /xxx/subdomains/mtc/app/cache/prod/classes.php - at line 411 [] []

app / Bundles / AssetBundle / EventListener / FormSubscriber.php I checked and it is present.

I help in finding errors in some other way?

We had the same problem when using Safari, but switching to Chrome or Firefox when accessing Mautic resolved the problem. (This could be due to cookies present in Safari as other users reported that clearing cookies resolved the problem temporarily at least.)