New - The security token in your request is invalid.

iNiC

Member
Aug 1, 2020
22
4
3
Earth
cPanel Access Level
Reseller Owner
Hi an thank you for reading.

ISSUE:
Several open tabs, each with different domain, times-out to "The security token in your request is invalid." and need to login again.

PROCESS: (can be repeated)
  1. Open WHM in Chrome
  2. In WHM, choose domain X and click CP (Cpanel). Domain X opens in new tab.
  3. In WHM, choose domain Y and click CP - domain Y opens in new tab.
  4. In WHM, wait about 60 seconds.
  5. Open domain X tab. Open a feature (suggest Email accounts button.)
  6. Open domain Y tab, and open any feature.
  7. Go get a tea. (or wait 5 minutes)
  8. Open domain X tab, click any feature and it jumps to CPanel login with error "The security token in your request is invalid."
  9. Open domain Y tab, click any feature and it jumps to CPanel login with error "The security token in your request is invalid."
  10. Publish the newly created cuss words :cool:
Workaround: failed (gets too muddled when jumping in and out of domain just to click.)
  • Close err'ed X and Y tabs.
  • Back to WHM.
  • Repeat steps 2 - 6 above, but type very fast, and switch between tabs every 45 seconds to click on anything to keep it alive.
  • Doesn't work either.

Specs:
  • cPanel Version 100.0 (build 11)
  • Apache Version 2.4.52
  • PHP Version 7.4.28
  • MySQL Version 10.3.34-MariaDB
  • Architecture x86_64
  • Operating System linux
  • Perl Version 5.16.3
  • Kernel Version 3.10.0-1160.42.2.el7.x86_64
NOTES:
These started when 54 accounts were moved from one server to another on same host.

Thank you,
~i
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,632
363
cPanel Access Level
Root Administrator
That sounds like normal behavior to me. In general, multiple cPanel accounts can't be accessed in the browser at the same time as the session secures the port, not a specific username/connection. It's been like this as long as I've been using cPanel.
 

iNiC

Member
Aug 1, 2020
22
4
3
Earth
cPanel Access Level
Reseller Owner
That sounds like normal behavior to me. In general, multiple cPanel accounts can't be accessed in the browser at the same time as the session secures the port, not a specific username/connection. It's been like this as long as I've been using cPanel.
Beg to differ because until our host moved us from one server to another "with a upgraded cPanel" we were able to work between cPanels as I described.
I provided the steps we use to use, but have since provided errors.
Perhaps the older server with older Cpanel we were on allowed sensible features like what I did two weeks ago for over 15 years.

Would opening a new browser window, instead of tabs work and restore efficiency?
What do you suggest I could do? There doesn't seem to be a work around. I'll starting searching out now what " /scripts/upcp --force " from @hmaddy means with " /scripts/upcp --force " as I do not have access to what I'm certain is Host permissions only.

Odd, I can use my browser and login to 2 or more domains Forums (example) each in their tab, and go between them - no issues. While here, I did just that. I opened another tab and went to a forums page elsewhere, auto-logged in and posted a comment and came back here. I know it's not the same thing, but it's darned close to what I mean. Just now, I did a search (for kids, it's "googled it") and I presuppose it means to force a upgrade on cPanel. I guess, that from what you tell me, it won't change anything.

BTW - I really do appreciate forum helpers/experts sharing your knowledge with us.
~i
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,632
363
cPanel Access Level
Root Administrator
Here's a request from 5 years ago asking for this behavior:


Here's a short discussion from 6 years ago:


It's possible the old server you mention had some setting or customization to allow this behavior, but I have no idea what that would have been.
 

iNiC

Member
Aug 1, 2020
22
4
3
Earth
cPanel Access Level
Reseller Owner
Here's a request from 5 years ago asking for this behavior:


Here's a short discussion from 6 years ago:


It's possible the old server you mention had some setting or customization to allow this behavior, but I have no idea what that would have been.
Webmail is too far removed from this issue of opening a more than 1 cPanel in 2 or more tabs to be of any use, especially since the referrals are old. This is about logging in to several cPanels via WHM, not multiple emails on the same domains.

Close, but "close" only counts in horseshoes and grenades :)

I can't imagine it not being a ability - to use WHM to open 2 or more domains cPanels.

I also found out that we are not permitted to right-click on C/P in WHM (beside domain name) and choose open in new window or open in new tab. It's new tab or nothing.

So, am I correct in saying that there is no way to use WHM to open more than 1 domains cPanel, without the 1st cPanel waking up the Token cop requiring logging in (whether incognito) is on or not again but now only direct through cPanel. We would need to contact our client, ask them for the password, and access multiple cPanel by direct cPanel login, not rely on WHM?
We require clients to pass a 146 Bit/24 Chan 32 character password check to include brackets and special characters. That's not easy over the phone. By email OK, but we ask them to change it again when we are done. By the other method of going in via WHM to multi-domains, we never had to bother the client.

Many thanks @cPRex
~i
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,632
363
cPanel Access Level
Root Administrator
I like the phrase "Token Cop"

The first feature request did mention cPanel as well, although I do think the original intention was webmail.

I did ask some other technicians working today about this behavior just to make sure I'm not crazy (well, at least about this particular issue.......) and everyone did confirm that it had always worked how I had seen as well. I'm really not sure what would have changed in your environment that would have allowed that on the older system. Could you reach out to the host to see if they had any custom settings there?
 

iNiC

Member
Aug 1, 2020
22
4
3
Earth
cPanel Access Level
Reseller Owner
I like the phrase "Token Cop"
[SIDEBAR]We're use to them here. Our city has water cops to make sure we don't over water, dog license cops that patrol parks and public places checking dog licenses, apple cops, yup apple cops too. They make sure we've sprayed sufficiently enough toxins to kill the coddling moth, pets and wayward kids. Too, there are the recycle cops. They randomly check recycle bins to make sure there is nothing in there shouldn't be there.
At this time of year, all the new beach-front properties are susceptible to flooding. Though they are not allowed to put up fences in order block beach-walk access to general public, they do. No cops for that, but there are beach cops patrolling to make sure there are no large gatherings over 12 people - need permit for that and all that was pre-COVID 19(84). At least our Token to apple cops don't drop bombs on us.

The first feature request did mention cPanel as well, although I do think the original intention was webmail.

I did ask some other technicians working today about this behavior just to make sure I'm not crazy (well, at least about this particular issue.......) and everyone did confirm that it had always worked how I had seen as well. I'm really not sure what would have changed in your environment that would have allowed that on the older system. Could you reach out to the host to see if they had any custom settings there?
So, you admit it then that some other technicians are as crazy as you are? :-D

I'm afraid to ask the Host any more questions because the last update I gave them was the @hmaddy command line(?) " /scripts/upcp --force" not knowing what it does/did/. Host just said they ran it as requested and updates complete. I didn't request it.

I'll give up on what I remember and think should be a strong feature and succumb to the idea that I was recently transported out of 1 Matrix and into another complete with new -things- where everyone is crazy except me. o_O

Thanks much all for your invaluable times,
~i
p.s. Possible workaround it:
  1. Via WHM, change cPanel passwords.
  2. Log into several domains cPanel using new password.
  3. Work between them, save and close
  4. Send notice to clients to change their password from the one I give (I used)
Testing that idea tomorrow.
---
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,632
363
cPanel Access Level
Root Administrator
So, you admit it then that some other technicians are as crazy as you are? :-D
Absolutely!

I really do wish I had a better explanation as I completely believe your experience, but I just have never seen that on my end. You could always open a feature request using the link in my signature and I can get our developers to review that.