
#3893 Token mismatch error on every action

4.1.6
duplicate
auth (4)
1
2015-02-20
2013-04-28
No

I'm getting token mismatch on every link I click, and I can get only to the main menu screen, nothing else is working.

I attach an image where you can see the bug and the version of php, mysql and phpMyAdmin I'm using. Also I'm on Windows 7 and using xampp 1.8.1 and Chrome/26.0.1410.64.

Also here is the config file; I built it with the setup option:

/* Servers configuration */
$i = 0;

/* Server: 127.0.0.1 [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = '';
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['nopassword'] = true;
$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
$cfg['Servers'][$i]['CountTables'] = true;

/* End of servers configuration */

$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['AllowArbitraryServer'] = true;
$cfg['UserprefsDeveloperTab'] = true;
$cfg['Error_Handler']['display'] = true;


Discussion

<< < 1 2 3 4 > >> (Page 3 of 4)
  • Giovanni Bechis

    Giovanni Bechis - 2014-02-03

    The problem is also present in 4.1.6 whenever I try to create a user when using a tcp connection. With session.auto_start=0 I have a "token mismatch" error; with session.auto_start=1 I have a "session expired" error. I think that after clicking the "go button" and executing server_privileges.php the token is regenerated.

     
  • Olivier - interfaSys

    I get the same problem with the latest PMA 4.1.5 and the URLs have 2 tokens, as described by Kissaki.

    It didn't happen on mod_php, but now that we've switched to PHP-FPM, the token times out.
    It doesn't happen with other apps, such as Horde, which also use the PHP session defaults (memcached), but PMA is the only one using http auth, if that makes a difference.

     

    Last edit: Olivier - interfaSys 2014-01-19
  • Marc Delisle

    Marc Delisle - 2014-02-05
    • Group: 4.0.0 --> 4.1.6
     
  • Olivier - interfaSys

    In 4.1.8, I don't have the double token in the URL any more, but I still get a token mismatch alert after I let PMA sit idle for a while.

     
  • Patrick Holz

    Patrick Holz - 2014-02-24

    Hi,

    We are using phpMyAdmin remotely on our RHEL5 servers. Some minor versions ago this error suddenly occurred. It has not been possible to create users via phpMyAdmin since then; we are getting "Token mismatch" every time. All other functions are working fine.

    It doesn't matter how long a session has been running. Even immediately after logging in and trying to create a user the message pops up. I've tried all mentioned possible fixes, but none of them works.

    I can confirm that since 4.1.8 the two tokens in the URL are the same, but it doesn't solve the issue.

    Kind regards

     
  • .Loon

    .Loon - 2014-02-25

    ..don't use space characters in your pma-folder name!

    .Loon

     
  • Nosxxx

    Nosxxx - 2014-02-25

    Hey
    I have the same problem as Patrick Holz.

     

    Last edit: Nosxxx 2014-02-25
  • stalker37

    stalker37 - 2014-03-22

    4.1.10 some issue. I cannot add a user from PMA - token mismatch

     
  • Marc Delisle

    Marc Delisle - 2014-03-22

    @stalker37: I have no problem adding a user under 4.1.10.

     
  • stalker37

    stalker37 - 2014-03-22

    Hmm.. I'm using nginx -> proxy 2 apache and ssl connect.
    PMA connect to mysql through tcp.

    mysql cli from webserver working fine.

     
  • Marc Delisle

    Marc Delisle - 2014-03-22

    @stalker37: did it work for you in 4.1.9?

     
  • stalker37

    stalker37 - 2014-03-22

    PMA 4.0.10 working fine on that setup

     
  • stalker37

    stalker37 - 2014-03-22

    4.1.9 not working too

     
  • Vitaly Lipatov

    Vitaly Lipatov - 2014-05-08

    I discovered that the AuthenticationCookie::authCheck() function has an incorrect $GLOBALS['server'] value (1 instead of 4 in my case); it breaks the following condition:
    if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']])) {

    phpMyAdmin 4.1.14

     

    Last edit: Vitaly Lipatov 2014-05-08
  • Scott M

    Scott M - 2014-05-22

    Still seeing mismatch error when creating user on 4.2.2

    Done same as thread outlines, can log in fresh and as quickly as you can go to create user and click go, the mismatch error throws and you are dead in the water until you go and log in fresh again. Rather frustrating that I have to create my users at the CLI and then I can manage their permission through PMA. This is the only place I have experienced the mismatch error on 4.2.2 but have only been using it a couple of days.

     
  • bvhz

    bvhz - 2014-05-23

    It's actually this ajax call that causes the issue (it resets the cookie):

    /server_privileges.php?ajax_request=true&token=***&validate_username=true&username=***

    The quick fix is just to disable it:
    /js/server_privileges.js line 188-209
    Comment out:
    /*
    $("#fieldset_add_user_login input[name='username']").live("focusout", function () {
    ***snip****
    });
    */

    You can now add users again :)

     

    Last edit: bvhz 2014-05-23
  • Gunter Grodotzki

    4.2.2 not working on Firefox (latest) and Chrome (latest)

     
  • simonswine

    simonswine - 2014-06-13

    Same problem here with a multi-server phpMyAdmin configuration. As soon as a user is created on a server (not the first one), I'm getting a token mismatch error, due to the ajax request, which checks for a duplicate username.

    I was able to fix this behavior with this little PR. I also edited error_handling.js, because after a JS error occurred, I got the token mismatch message too.

    https://github.com/phpmyadmin/phpmyadmin/pull/1225
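
The failure reported above for multi-server setups (an auth cookie keyed by server index, and a username-check AJAX call that resolves to server 1 instead of the server in use) can be replayed in a small model; this is an added example, not part of the thread and not phpMyAdmin or PR code. It assumes that a request without a `server` parameter falls back to the default server and that a missing `pmaUser-N` cookie starts a fresh session token; `PmaModel` and `createUserFlow` are hypothetical names.

```javascript
// Simplified model, constructed for illustration (not phpMyAdmin code):
// one auth cookie per configured server plus a session-bound CSRF token.
class PmaModel {
  constructor(defaultServer) {
    this.defaultServer = defaultServer;
    this.issued = 0;
    this.sessionToken = null;
  }
  // A counter stands in for the random token so the run is reproducible.
  newToken() { return 'token-' + (++this.issued); }

  // Log in against one server; returns the cookie jar the browser keeps.
  login(server) {
    this.sessionToken = this.newToken();
    return { ['pmaUser-' + server]: 'alice' };
  }

  // Handle one request. When `server` is absent the model falls back to
  // the default server, matching the "1 instead of 4" observation.
  handle(params, cookies) {
    const server = params.server === undefined ? this.defaultServer : params.server;
    if (!cookies['pmaUser-' + server]) {
      // No auth cookie for the resolved server: treat the client as logged
      // out and start a new session, replacing the token the page holds.
      this.sessionToken = this.newToken();
      return 'login-required';
    }
    return params.token === this.sessionToken ? 'ok' : 'token-mismatch';
  }
}

// Replay "create user" on server 4: the username-check AJAX call first,
// then the form submit carrying the token issued at login.
function createUserFlow(ajaxSendsServer) {
  const pma = new PmaModel(1);
  const cookies = pma.login(4);
  const token = pma.sessionToken;
  const ajaxParams = { ajax_request: true, token, validate_username: true, username: 'bob' };
  if (ajaxSendsServer) ajaxParams.server = 4;
  const ajax = pma.handle(ajaxParams, cookies);
  const submit = pma.handle({ token, server: 4 }, cookies);
  return { ajax, submit };
}

console.log(createUserFlow(false)); // AJAX call without `server`
console.log(createUserFlow(true));  // AJAX call with `server`
```

In the model the token check itself never changes; only the server index that the background request resolves to decides whether the later form submit is accepted.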

     
  • Marc Delisle

    Marc Delisle - 2014-06-14

    @simonswine: I have cherry-picked your patch for the upcoming 4.2.4 release, thanks.

     
    • ro bo

      ro bo - 2014-06-14

      This patch resolves a 12 months nightmare ... thanks Roger


      On 14 June 2014 15:23:27 "Marc Delisle" lem9@users.sf.net wrote:

      @simonswine: I have cherry-picked your patch for the upcoming 4.2.4
      release, thanks.


      [bugs:#3893] Token mismatch error on every action

      Status: open
      Group: 4.1.6
      Labels: auth
      Created: Sun Apr 28, 2013 02:02 PM UTC by Bojan Petkovski
      Last Updated: Fri Jun 13, 2014 03:37 PM UTC
      Owner: nobody


  • Marc Delisle

    Marc Delisle - 2014-06-14

    @ro bo: Please clarify: by nightmare, do you mean the case of token mismatch following a user creation, or another case?

     
  • Aurélien LEQUOY

    This happens on 4.2.5

    when I updated my list of servers:

    my config.inc.php:

    $servers = parse_ini_file("/data/www/photobox/configuration/db.config.ini.php",true);
    $hosts = array();

    foreach($servers as $server)
    {
        if ($server['driver'] === 'mysql')
        {
            $port = empty($server['port']) ? '' : ':'.$server['port'];
            $hosts[] = $server['hostname'].$port;
        }
    }

    $hosts = array_unique($hosts);
    usort($hosts, 'version_compare');

    foreach ($hosts as $host) {
        $i++;
        $cfg['Servers'][$i]['host'] = $host;
        $cfg['Servers'][$i]['port'] = '';
        $cfg['Servers'][$i]['socket'] = '';
        $cfg['Servers'][$i]['connect_type'] = 'tcp';
        $cfg['Servers'][$i]['compress'] = false;
        $cfg['Servers'][$i]['controluser'] = '';
        $cfg['Servers'][$i]['controlpass'] = '';
        $cfg['Servers'][$i]['auth_type'] = 'http';
    }

     
  • SETTER

    SETTER - 2014-07-30
     
  • Peter VARGA

    Peter VARGA - 2014-10-21

    Yes, it is unbelievably annoying! Just like Apple: They decide what is good for the people and what they need and what they do not need!

    I am using PMA behind a firewall without any public access and it would be an important feature to disable this annoying token check. You can get rid of this:
    In the script libraries/common.inc.php look for this code [line ~460]:

    if (PMA_isValid($_REQUEST['token'])) {
        $token_mismatch = ($_SESSION[' PMA_token '] != $_REQUEST['token']);
    }
    

    add this line after the if and the pain has an end:

    $token_mismatch = false;
    

    Best Regards,

     
  • Marc Delisle

    Marc Delisle - 2014-10-21

    Peter,
    which version are you running and where do you see the Token mismatch error?

    If we added a way to disable this, we would need strong warnings as not every server is behind a firewall, and the token is our best defense mechanism against external attacks.

     