Hello,

The only reason that could possibly cause this is the site is cached extensively that the tokens are not replaced. So the question is probably, do you have caching enabled? Try turning it off first and see if you still hit the same issue.

Hi Mark,

I know, but system cache already disabled. So that is not about system cache.

Please provide the steps to reproduce this and also the access to the site with the FTP.

Alright, i just tried to log in my web site using easysocial login module. And then a message appeared "Invalid Token" on a white page, as you know

When I login using the module on the site, it works and I am logged in.

Yes, This doesnt occures every time, but sometimes. I am not sure what prompts this

I dont understand well

Please take a look at this : http://www.camcloud.com/blog/how-to-solve-invalid-token-error-with-joomla

Hm, are you idling for a long time before logging in? There could be possibility that the token has already expired when you are clicking on the login button.

yeah, that will be a problem for users especially with mobil phones. need to find a solution for this beside on clearing browser cache

There's no way around this unfortunately unless you increase the session life time This is necessary to prevent any XSS attacks.

Thanks Mark,

So, currently, session life time is 60 min. and session handler is database. There is also "none" option. What is the best settings for this. I think you have an idea about this, because you are an awasome developer;)

60 minutes is good enough I think? This allows users to idle for 59 minutes before hitting this error.