HTTP error 401Invalid Security TokenThe requested URL does not contain your session’s correct security token

Operating System & Version
CLOUDLINUX 7.7 kvm
cPanel & WHM Version
v84.0.21

droplesoftech

Registered
Mar 3, 2020
4
0
1
Germany
cPanel Access Level
Root Administrator
i get this error when am performing some functions like editng .htaccess or wp-config and alot more. below is the error i get;

HTTP error 401
Invalid security token
The requested URL does not contain the correct security token for your session.

The reason for this error may be that you copied a URL in another cPanel, WHM or Webmail session and pasted it into the address bar of the browser. To resolve the issue, do one of the following:

Go back one page and reload the url to ensure that the / cpsess… / section is unchanged.
Retype your account password below. This will assign a new security token to your session. This new token prevents you from accessing other pages of this application that may be open on other tabs.
request information
Requested page: 403.shtml




And when i retype my password again i get this error back;

HTTP error 404
The requested page could not be found.

Possible reasons for displaying this page:
A bookmark's URL may have changed since your last visit.
URL was not entered correctly.
The URL was entered with incorrect upper or lower case letters (URLs are case-sensitive).
Check the entered URL again. (Back).


this is really fustrating since i cant work in my cpanel, please help solve this issue asap. thanks
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
Are you using anything like CloudFlare for the domain? If you have access to WHM you may also want to check your settings for Cookie Ip Validation in Tweak Settings (default is strict)

Cookie IP validation
Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.
as well as the Referrer/Blank Referrer Safety Check options:


Blank referrer safety check
Only permit cpanel/whm/webmail to execute functions when the browser provides a referrer. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.
Referrer safety check
Only permit cpanel/whm/webmail to execute functions when the browser provided referrer (Domain/IP and Port) exactly matches the destination URL. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.
 

droplesoftech

Registered
Mar 3, 2020
4
0
1
Germany
cPanel Access Level
Root Administrator
nope, am not using any CloudFlare for the domain. the system is on cloudlinux. this wasnt an issue about a moth ago and i have not also made any changes to the system, and i do have have access to whm.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
I'd say if you're still experiencing this issue you open a ticket. Those two files would have different permissions than the rest but should not cause the issues you're seeing.