HTTP error 401Invalid Security TokenThe requested URL does not contain your session’s correct security token

[droplesoftech]

i get this error when am performing some functions like editng .htaccess or wp-config and alot more. below is the error i get;

HTTP error 401
Invalid security token
The requested URL does not contain the correct security token for your session.

The reason for this error may be that you copied a URL in another cPanel, WHM or Webmail session and pasted it into the address bar of the browser. To resolve the issue, do one of the following:

Go back one page and reload the url to ensure that the / cpsess… / section is unchanged.
Retype your account password below. This will assign a new security token to your session. This new token prevents you from accessing other pages of this application that may be open on other tabs.
request information
Requested page: 403.shtml



And when i retype my password again i get this error back;

HTTP error 404
The requested page could not be found.

Possible reasons for displaying this page:
A bookmark's URL may have changed since your last visit.
URL was not entered correctly.
The URL was entered with incorrect upper or lower case letters (URLs are case-sensitive).
Check the entered URL again. (Back).

this is really fustrating since i cant work in my cpanel, please help solve this issue asap. thanks

 

[cPanelLauren]

How are you accessing the URL for cPanel? IP address or Domain name? Are you using an older link with a potentially invalid cpsession token added?

 

[droplesoftech]

i access it by domain name, and it works but when i want to perform certain actions or when editing some files then i get that error.

 

[cPanelLauren]

Are you using anything like CloudFlare for the domain? If you have access to WHM you may also want to check your settings for Cookie Ip Validation in Tweak Settings (default is strict)

Cookie IP validation
Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.

as well as the Referrer/Blank Referrer Safety Check options:

Blank referrer safety check Only permit cpanel/whm/webmail to execute functions when the browser provides a referrer. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

Referrer safety check Only permit cpanel/whm/webmail to execute functions when the browser provided referrer (Domain/IP and Port) exactly matches the destination URL. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

 

[droplesoftech]

nope, am not using any CloudFlare for the domain. the system is on cloudlinux. this wasnt an issue about a moth ago and i have not also made any changes to the system, and i do have have access to whm.

 

[droplesoftech]

the issue is all files are editable and can view them except .htacces and wp_config only these two files are giving me issuess

 

[cPanelLauren]

I'd say if you're still experiencing this issue you open a ticket. Those two files would have different permissions than the rest but should not cause the issues you're seeing.