Login Loop, "Token expired. Please reload page", "CSRF check failed"


#1

Problem:

  1. When you login to ownCloud you’re redirected back to the Login page
  2. You’re getting a “Token expired. Please reload page” message when trying to login
  3. You’re getting a “CSRF check failed” message when trying to login

There are various environmental issues / PHP configuration problems known which is causing the described behaviors. Please see the following github comment for a summary how to fix your environment: https://github.com/owncloud/core/issues/25927#issuecomment-262703655




Older FAQ below:

Problem:

I’m getting a:

msg {"data":{"message":"Token expired. Please reload page.","error":"token_expired"},"status":"error"}

error when logging in.

Additional infos:

A deeper look into the data/owncloud.log could also show:

{"app":"PHP","message":"session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (\/var\/lib\/php5) at \/var\/www\/owncloud\/lib\/private\/session\/internal.php#52","level":3,"time":"2014-08-26T19:45:05+00:00"}

Solution:

There are several steps to check:

  1. The path/folder configured with the php.ini directive session.save_path exists
  2. The user running your webserver / PHP process needs to be able to access the path/folder configured with the php.ini directive session.save_path
  3. The user running your webserver / PHP process needs to be able to write into the path/folder configured with the php.ini directive session.save_path
  4. No security module like SELinux is blocking the access to the path/folder configured with the php.ini directive session.save_path
  5. There is enough space available on the path/folder/partition configured with the php.ini directive session.save_path
  6. If you’re running a custom theme disable it in your config/config.php

Error CSRF check failed
CSRF Check failed -- Access Forbidden on new installations
Access forbidden CSRF check failed
Login-loop in Webpanel
#2