CPANEL-43326 - The security token is missing from your request.
-
Hello AndyX! Are you accessing the cPanel or WHM login from a bookmark that contains a session token or ID? 0 -
Hi Justin, I access from a bookmark, here's an example of the URL: https://domain.com:2083/0 -
I was able to replicate this; however, this appears to be expected behavior. If you would like, you can submit a feature request using the "Submit a Feature Request" link in my signature. Our feature request site is actively reviewed and curated by our development team to identify potential future build plans and accept ideas and suggestions from our community. Adding a feature request here will allow the rest of cPanel's users to vote for it if it's something they would like to see implemented as well. While we cannot guarantee that all requests will be accepted, this is the best way to make suggestions visible to the teams that build cPanel. Additionally, you can also open a support ticket using the "Submit a ticket" link in my description to see if our analyst may be able to determine a workaround for the issue. If you decide to open a ticket, please provide the ticket number here to follow the ticket and update this thread with the resolution if possible. 0 -
You can also prevent this warning by logging out of the cPanel account properly before closing the browser. I tested this myself, and I no longer experiencing the warning upon the next login. The only additional step involved here is clicking the Logout option in cPanel before closing the browser. I hope that this helps! 0 -
You can also prevent this warning by logging out of the cPanel account properly before closing the browser. I tested this myself, and I no longer experiencing the warning upon the next login. The only additional step involved here is clicking the Logout option in cPanel before closing the browser. I hope that this helps!
Hi Justin, Sorry but this does not solve the issue. Logging out only sets a cookie. However as I explained in my first post, I use Firefox and the preference setting is to delete all cookies when I exit Firefox. so logging out "properly" is not a solution. The solution is to eliminate this erogenous message which is only found on cPanel and nowhere else on any other websites that I know of.0 -
I'm sorry to hear that. With that being said, I do see that the feature request has been submitted. Other users in the community experiencing this issue can now vote on the feature request, further allowing our developers to review and consider this request. Thanks! 0 -
Update on this bug. If cookies are cleared and I open a new tab and go to the following URL: https://domain.com:2083
the login page does not show the "The security token is missing from your request." error message. However if I'm already logged into cPanel on one tab and I open a new tab, go to cPanel URL I get the "The security token is missing from your request." error message and a login page. This seams to be a bug, I'm already logged into cPanel on another tab, why does the second tab initiate a login, it should just go directly into cPanel home page.0 -
Hello! I can't seem to replicate this as of yet. I am guessing you're able to fully replicate it without issue? Would you be able to open a ticket using the link in my signature, or ask your web hosting provider to do so if you can't? I believe this would warrant a look. Please update me with the ticket ID if you do so. 0 -
I am guessing you're able to fully replicate it without issue?
Yes I can replicate on many of the web hosting accounts I have at KnownHost. I asked KnownHost's tech support about this issue and they tell me: [quote]This is actually the expected behavior of cPanel. It behaves like this so that a valid security token can not be pulled from your current active session and then used on another session somewhere else. This is what is known as cross site request forgery. This article has some details on those:https://owasp.org/www-community/attacks/csrf
0 -
It sure would be nice if cPanel just eliminated this warning message. The message is redundant and only serves to warn about nothing. It's pretty obvious a log in is required. 0 -
@AndyX - I agree. I've made improvement case CPANEL-43326 to let our developers know, and maybe we can change or remove that in a future release, since it really just confuses the end user. 0 -
Thank you, Rex. 0 -
It looks like this thread was originally started during some days I had off, or else I would have done this for you years ago :D 0 -
I can't find any mention of CPANEL-43326 in https://docs.cpanel.net/changelogs/releases/ does this mean it's not fixed yet?
0 -
I don't see that this has received any action. I reached out to the team just now and it looks like someone is going to pick this up soon, but that's the best update I have.
1 -
Thank you, Rex. It would be great to see this issue fixed.
0 -
I talked at length with the development team about this and it sounds like they are either going to remove that warning completely or change the wording so it actually says something helpful to the end user.
0 -
Thank you Rex. Please ask the development team to remove the warning. We don't want another confusing message or false warning.
1 -
Hi All,
I'm getting this error when logging into cpanel on my Temok hosted account, but only in Firefox, Chrome is OK. It allows me to log in and then a few seconds later kicks me out and shows this error message (See video) .
Any suggestions?
Regards
Mark
0 -
Stephen Mark - is it possible you're on a network where your IP address is changing frequently?
0 -
Hi cPREX, Nope, working from home via Virgin media, IP hardly ever changes. My Virgin hub is in modem only mode and connects into a ubiquitit DReam Machine Pro which handles firewall.
0 -
I don't have a great explanation for that behavior, but the issue does seem to be isolated to that particular browser.
If you open a private window does the problem still happen with Firefox?
0 -
Hi cPREX,
Interesting, no it doesn't. Of course, I don't get my dark theme. but it's usable. :)
Regards
Mark
0 -
I'm wondering if it could be caused by a plugin, as private mode usually disables those.
0 -
Hi cPRex,
Yep, that's it. I had already started to look at that for the same reason.
Turns out it's the "Dark Reader" extension in Firefox. Pity as I have eye issues and I prefer my websites dark themed if possible.
EDIT:
Found a solution. You can either turn off DR for the site (Alt+Shift+A) or on the cPanel login page, click on the DR icon on the Firefox menu bar then click "More" and change the "Theme generation mode" to anything other than Dynamic (the default), that also resolves it.
0
Please sign in to leave a comment.
Comments
26 comments