New - The security token in your request is invalid.

[iNiC]

Hi an thank you for reading.

ISSUE:
Several open tabs, each with different domain, times-out to "The security token in your request is invalid." and need to login again.

PROCESS: (can be repeated)

1. Open WHM in Chrome
2. In WHM, choose domain X and click CP (Cpanel). Domain X opens in new tab.
3. In WHM, choose domain Y and click CP - domain Y opens in new tab.
4. In WHM, wait about 60 seconds.
5. Open domain X tab. Open a feature (suggest Email accounts button.)
6. Open domain Y tab, and open any feature.
7. Go get a tea. (or wait 5 minutes)
8. Open domain X tab, click any feature and it jumps to CPanel login with error "The security token in your request is invalid."
9. Open domain Y tab, click any feature and it jumps to CPanel login with error "The security token in your request is invalid."
10. Publish the newly created cuss words

Workaround: failed (gets too muddled when jumping in and out of domain just to click.)

• Close err'ed X and Y tabs.
• Back to WHM.
• Repeat steps 2 - 6 above, but type very fast, and switch between tabs every 45 seconds to click on anything to keep it alive.
• Doesn't work either.

Specs:

• cPanel Version 100.0 (build 11)
• Apache Version 2.4.52
• PHP Version 7.4.28
• MySQL Version 10.3.34-MariaDB
• Architecture x86_64
• Operating System linux
• Perl Version 5.16.3
• Kernel Version 3.10.0-1160.42.2.el7.x86_64

NOTES:
These started when 54 accounts were moved from one server to another on same host.

Thank you,
~i

 

[hmaddy]

/scripts/upcp --force

 

[cPRex]

That sounds like normal behavior to me. In general, multiple cPanel accounts can't be accessed in the browser at the same time as the session secures the port, not a specific username/connection. It's been like this as long as I've been using cPanel.

 

[iNiC]

That sounds like normal behavior to me. In general, multiple cPanel accounts can't be accessed in the browser at the same time as the session secures the port, not a specific username/connection. It's been like this as long as I've been using cPanel.

Beg to differ because until our host moved us from one server to another "with a upgraded cPanel" we were able to work between cPanels as I described.
I provided the steps we use to use, but have since provided errors.
Perhaps the older server with older Cpanel we were on allowed sensible features like what I did two weeks ago for over 15 years.

Would opening a new browser window, instead of tabs work and restore efficiency?
What do you suggest I could do? There doesn't seem to be a work around. I'll starting searching out now what " /scripts/upcp --force " from @hmaddy means with " /scripts/upcp --force " as I do not have access to what I'm certain is Host permissions only.

Odd, I can use my browser and login to 2 or more domains Forums (example) each in their tab, and go between them - no issues. While here, I did just that. I opened another tab and went to a forums page elsewhere, auto-logged in and posted a comment and came back here. I know it's not the same thing, but it's darned close to what I mean. Just now, I did a search (for kids, it's "googled it") and I presuppose it means to force a upgrade on cPanel. I guess, that from what you tell me, it won't change anything.

BTW - I really do appreciate forum helpers/experts sharing your knowledge with us.
~i

 

[cPRex]

Here's a request from 5 years ago asking for this behavior:

Multiple simultaneous logins to webmail (and cpanel/whm) in the browser

As an cPanel webmail user I would like the ability to open multiple authenticated webmail sessions in a single browser to the same cPanel server. For exa

features.cpanel.net

Here's a short discussion from 6 years ago:

Logging into multiple accounts on the same domain

I use cPanel on my servers; but I've just started using a third party email service. Unfortunately, this means that I'd like to log into cPanel (technically email, i.e. port 2096) twice - once for each of my two main email accounts. I have a script that I use that can auto-log me in (which I...

forums.cpanel.net

It's possible the old server you mention had some setting or customization to allow this behavior, but I have no idea what that would have been.

 

[iNiC]

Here's a request from 5 years ago asking for this behavior:

Multiple simultaneous logins to webmail (and cpanel/whm) in the browser

As an cPanel webmail user I would like the ability to open multiple authenticated webmail sessions in a single browser to the same cPanel server. For exa

features.cpanel.net

Here's a short discussion from 6 years ago:

Logging into multiple accounts on the same domain

I use cPanel on my servers; but I've just started using a third party email service. Unfortunately, this means that I'd like to log into cPanel (technically email, i.e. port 2096) twice - once for each of my two main email accounts. I have a script that I use that can auto-log me in (which I...

forums.cpanel.net

It's possible the old server you mention had some setting or customization to allow this behavior, but I have no idea what that would have been.

Webmail is too far removed from this issue of opening a more than 1 cPanel in 2 or more tabs to be of any use, especially since the referrals are old. This is about logging in to several cPanels via WHM, not multiple emails on the same domains.

Close, but "close" only counts in horseshoes and grenades

I can't imagine it not being a ability - to use WHM to open 2 or more domains cPanels.

I also found out that we are not permitted to right-click on C/P in WHM (beside domain name) and choose open in new window or open in new tab. It's new tab or nothing.

So, am I correct in saying that there is no way to use WHM to open more than 1 domains cPanel, without the 1st cPanel waking up the Token cop requiring logging in (whether incognito) is on or not again but now only direct through cPanel. We would need to contact our client, ask them for the password, and access multiple cPanel by direct cPanel login, not rely on WHM?
We require clients to pass a 146 Bit/24 Chan 32 character password check to include brackets and special characters. That's not easy over the phone. By email OK, but we ask them to change it again when we are done. By the other method of going in via WHM to multi-domains, we never had to bother the client.

Many thanks @cPRex
~i

 

[cPRex]

I like the phrase "Token Cop"

The first feature request did mention cPanel as well, although I do think the original intention was webmail.

I did ask some other technicians working today about this behavior just to make sure I'm not crazy (well, at least about this particular issue.......) and everyone did confirm that it had always worked how I had seen as well. I'm really not sure what would have changed in your environment that would have allowed that on the older system. Could you reach out to the host to see if they had any custom settings there?

 

[iNiC]

I like the phrase "Token Cop"

[SIDEBAR]We're use to them here. Our city has water cops to make sure we don't over water, dog license cops that patrol parks and public places checking dog licenses, apple cops, yup apple cops too. They make sure we've sprayed sufficiently enough toxins to kill the coddling moth, pets and wayward kids. Too, there are the recycle cops. They randomly check recycle bins to make sure there is nothing in there shouldn't be there.
At this time of year, all the new beach-front properties are susceptible to flooding. Though they are not allowed to put up fences in order block beach-walk access to general public, they do. No cops for that, but there are beach cops patrolling to make sure there are no large gatherings over 12 people - need permit for that and all that was pre-COVID 19(84). At least our Token to apple cops don't drop bombs on us.

The first feature request did mention cPanel as well, although I do think the original intention was webmail.

I did ask some other technicians working today about this behavior just to make sure I'm not crazy (well, at least about this particular issue.......) and everyone did confirm that it had always worked how I had seen as well. I'm really not sure what would have changed in your environment that would have allowed that on the older system. Could you reach out to the host to see if they had any custom settings there?

So, you admit it then that some other technicians are as crazy as you are?

I'm afraid to ask the Host any more questions because the last update I gave them was the @hmaddy command line(?) " /scripts/upcp --force" not knowing what it does/did/. Host just said they ran it as requested and updates complete. I didn't request it.

I'll give up on what I remember and think should be a strong feature and succumb to the idea that I was recently transported out of 1 Matrix and into another complete with new -things- where everyone is crazy except me.

Thanks much all for your invaluable times,
~i
p.s. Possible workaround it:

1. Via WHM, change cPanel passwords.
2. Log into several domains cPanel using new password.
3. Work between them, save and close
4. Send notice to clients to change their password from the one I give (I used)

Testing that idea tomorrow.
---

 

[cPRex]

So, you admit it then that some other technicians are as crazy as you are?

Absolutely!

I really do wish I had a better explanation as I completely believe your experience, but I just have never seen that on my end. You could always open a feature request using the link in my signature and I can get our developers to review that.