I've tried in your site, it seems like I was unable to replicate this issue like you mentioned login then logout, after that login again.

But I did noticed if I login your site backend first, then I trying to login from your frontpage, I will hit following error :

Άκυρο Τεκμήριο (Token). Το security token δημιουργείται κατά τη επίσκεψή σας στη σελίδα μας για προστασία από ηλεκτρονικές επιθέσεις "Cross Site Request Forgery (CSRF)". Από ότι φαίνεται ήσασταν αδρανής στη σελίδα για αρκετό χρονικό διάστημα και για σκοπούς ασφαλείας δεν αναγνωρίστηκαν τα διακριτικά χρήστη σας, αφού είχε ήδη δημιουργηθεί ένα security token για απλό επισκέπτη. Παρακαλώ πλοηγηθείτε πίσω, κάντε μια ανανέωση (refresh) στον browser σας έτσι ώστε να δημιουργηθεί ένα νέο security token και δοκιμάστε ξανά. Αν το πρόβλημα εξακολουθεί να υφίσταται παρακαλούμε να επικοινωνήσετε με κάποιον από τους διαχειριστές.

Translated :

Cancel Presumption (Token). The security token is created during your visit to our site for protection against cyber attacks "Cross Site Request Forgery (CSRF)". Apparently you were idle on the page long enough for security purposes were not recognized your tokens user, having already created a security token for simple visitor. Please navigate back, do a refresh (refresh) in your browser in order to create a new security token and try again. If the problem persists please contact one of the administrators.

This is not you referring right?

Dear Arlex,

Yes this is the issue. We hit on it too many times per day.

Regards,

I suspect one of the plugin/component or server using this "Cross Site Request Forgery (CSRF)" protection, if you already logged in from your backend then at the same time you try to login frontend, you will hit this.

Άκυρο Τεκμήριο (Token). Το security token δημιουργείται κατά τη επίσκεψή σας στη σελίδα μας για προστασία από ηλεκτρονικές επιθέσεις "Cross Site Request Forgery (CSRF)". Από ότι φαίνεται ήσασταν αδρανής στη σελίδα για αρκετό χρονικό διάστημα και για σκοπούς ασφαλείας δεν αναγνωρίστηκαν τα διακριτικά χρήστη σας, αφού είχε ήδη δημιουργηθεί ένα security token για απλό επισκέπτη. Παρακαλώ πλοηγηθείτε πίσω, κάντε μια ανανέωση (refresh) στον browser σας έτσι ώστε να δημιουργηθεί ένα νέο security token και δοκιμάστε ξανά. Αν το πρόβλημα εξακολουθεί να υφίσταται παρακαλούμε να επικοινωνήσετε με κάποιον από τους διαχειριστές.

May i know did you have enable any security setting from your backend or install any 3rd party plugin or component recently?

Dear Arlex,

No we have not installed any other plugin or enabled any security setting as far as we can remember.

In addition, the issue happens even when the user is not logged in from the backend, because it happens to simple users as well.

Regards,

Hey Phivos,

I have no ideas why It seems like that was your cache system causing this issue, even login from Joomla form, it also hitting the same issue.

By the way when I disable this "System - Page Cache" plugin and turn off the cache system from backend global configuration + purge cache, it seems login work fine.

Can you give it a check is it work fine now?

Dear Arlex,

We delayed to reply in order to check the "cache" being disabled. Yes the problem disappears once the cache is disabled. Now we enabled it again. How can the issue be corrected?

Regards,

Hey Phivos,

I believe you just enable the system - cache plugin right? Actually it still work because you didn't enable the cache setting from backend global configuration page.

Currently I have no ideas how to solve this issue, seems this issue related with the Joomla.

Actually I already forgot what cache you enable from backend, I assuming you use this `Cache - Conservative` for your cache system, now I already switch on this and exclude 2 page not get cached on the site.
https://penaltara.com/callisto
https://penaltara.com/

Can you try multiple times login and logout and see is it work fine now?

Dear Arlex,

The issue persists. Any ideas?

Regards,

Hey Phivos,

I just tested again login > logout several times even login/logout from homepage or https://penaltara.com/callisto , it seems work fine for me.

You can check my video here : http://screencast.com/t/4I4yZXNSm

Can you try clear your browser cache or other browser before you try and see how it goes?

Dear Arlex,

The issue continues to occur, except if we try to login from the home page where you have put an exception in the plugin. But by having this exception means that the cache does not work for the homepage thus making it more slow to load. Is that correct?

Regards,

Hey Phivos,

The issue continues to occur, except if we try to login from the home page where you have put an exception in the plugin.

May i know which page you trying to login?

But by having this exception means that the cache does not work for the homepage thus making it more slow to load. Is that correct?

Yes, for the homepage it will not get cached, but I realised you have installed JCH optimize plugin, I believe this plugin also will help you speeds up your website by optimisation those gzip CSS and javascript files on the webpage.