logging in token

When I am logging in on a regular user account, it will not accept the password

it takes me to another login page (my url " /member.php" as the ending of the URL)

it says in red there "token expired please try again"

I use the EXACT same password

from there it takes me to a weird page with the url of https://mergedia.una.io/studio/builder_page.php?type=custom&page=Welcome-to-Mergedia

this page asks for the email and password again but there is nothing on the page except for an email and password and enter box. (also a remember me checkbox but the remember me thing is useless here and does nothing so I have been deleting them) 

I enter the same password and can finally get into the site.

How can I fix this and bypass all the extra layers of login pages and just log in?

Thanks!

  • View
    5929
  • More
Replies (7)

    • Hello Mergedia !

      You may try to increase the "CSRF token lifetime in seconds(0 - do not track time) " parameter in Studio->Settings->Security 

      • I'm going to try this too, by doubling the time.  I just turned off CSRF in the meantime and now all my pages dont get expired tokens when editing...
        whats strange is im not taking 86,000 sseconds or longer to edit them. usually about 3 minutes.
        unless thats being parsed as milliseconds... :) or picoseconds ;)
        also, Mergedia , unless you have mod rewrite installed, this error will happen with login, i had noticed that with my installation, and properly adding mod_rewrite to my apache fixed this. Because on login, via the settings in the htaccess file, unless you have re-write enabled, the only way into una is to circumvent the stale page (because re_write isnt working.) you have to reload the page, or click the nav bar and home to get a totally new page re-written, and you will be logged in because una finds the login cookie, but when you have set up re-write correctly within apache (i dont know how the ginx works), ... it will correctly parse the .htaccess files mod_rewrite rules, and load the homepage correctly after you log in.

        • I just set this to zero because it kept happening to me too. But what happens if I turn it completely off? What is the risk?

          • Oh wow! That was way above my level of understanding lol but I understand it was happening to you too! Thank you! I will try to do what Leonid said and see if that fixes it! :-)

            • Leonid, can I just uncheck this box? "Enable CSRF token in forms"

               putting the "CSRF token lifetime in seconds " to zero didn't work but I think unchecking that token box entirely, worked! YAY! 

              is there any problem with removing the tokens?


              THANKS! :-)

              • Yes, you may try to uncheck it to test it.If it will help then please provide me your UNA studio access via Messenger.

                • on UNA 13.0.0 RC2 I set the "CSRF token lifetime in seconds" to "0" and now I can't log into any of my site even at /studio any thought on this..?

                  Login or Join to comment.