#3893 Token mismatch error on every action
I'm getting token mismatch on every link I click, and I can get only to the main menu screen, nothing else is working.
I attach image where you can see the bug and the version of php, mysql and phpMyAdmin I'm using. Also I'm Windows 7 and using xampp 1.8.1 and Chrome/26.0.1410.64.
Also here is the config file I build it with the setup option:
/ Servers configuration /
$i = 0;
/ Server: 127.0.0.1 [1] /
$i++;
$cfg['Servers'][$i]['verbose'] = '';
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['nopassword'] = true;
$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
$cfg['Servers'][$i]['CountTables'] = true;
/ End of servers configuration /
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['AllowArbitraryServer'] = true;
$cfg['UserprefsDeveloperTab'] = true;
$cfg['Error_Handler']['display'] = true;
4.2.10 but it was also already before.
I agree regarding the strong warnings but at least there would be an option. If a "DAU" is using PMA then he can anyway exploit his configuration.
The "token mismatch" message was annoying me that much so I decided to remove the check in the source code.
I can't speak for Peter, but we're still having the issue. Using PHP-FPM via mod_proxy_fcgid and HTTP auth for PMA.
After leaving PMA alone for a while, I see inconsistent info in the URL.
/index.php?db=&table=&server=1&target=&token=995b4698f00fc6837f882a9ef01c3579#PMAURL-3:sql.php?db=mydb&table=my_table&server=1&target=&token=b2486e2519cb2354222914d5a1da2509
Olivier,
"still" meaning phpMyAdmin 4.2.10 or 4.2.10.1?
That was on 4.2.10, but I've just upgraded, so I will let it rest and post an update within the hour.
Olivier, there was no fix for this between 4.2.10 and 4.2.10.1; I just wanted to see if you are up to date.
Do you see the token mismatch error only after a while, or immediately after login?
Ah :)
After a while.
The URL looks like this right now
#PMAURL-3:sql.php?db=mydb&table=my_table&server=1&target=&token=1e4e066f8e1ac060f751922609e088c5
Last edit: Olivier - interfaSys 2014-10-21
After a while, meaning after your PHP session has expired?
Yes, so after 24 minutes if I'm not mistaken (default value)
OK, so I waited and the URL didn't change...
Links have only one token, the same one as posted above, but I get a token mismatch when clicking on links.
I get the "double URL" when I hit refresh in the browser. It clears the token and I can access PMA again.
Last edit: Olivier - interfaSys 2014-10-21
A workaround for this problem has been added to the master branch of our GIT repository. Does that fix the issue for you?
Duplicate of https://sourceforge.net/p/phpmyadmin/bugs/4227/ and fixed for version 4.3
Thank you very much Madhura, Olivier for solving such long annoying bug.
Hi to all on here. I am having this same issue as the original poster. Difference is I am punching above my tech weight. It took me ages to get xampp installed on my local. I had to change permissions that I didn't know existed on my machine. Would it be possible to explain to a seriously tech knowledge deficient person like me how to solve this problem in a step by step explicit way. Would really appreciate any help I can get. I invested too much time to get installed at the outset to give up now. Did manage to actually get access again to myphpadmin after updating to the latest version but now I'm stuck at the same place as the original poster. Would hate to give up being so close to a fix but I am not understanding how to inplemement the solution you came to in the end. Thanks in advance of any potential help in helping a less techie guy! Cheers.
@Slave2theweb: this bug is fixed in 4.3, so wait for 4.3.0 release
That's really good news. Thanks for updating me Miroslav!
Hello everyone,
since 4.3.x the bug is even worse for me. In previous versions, I only got the "token mismatch" error while creating new users. Now it occurs after every second or third SQL query, which is annoying our users a lot. I had to put the "$token_mismatch = false;" workaround back into libraries/common.inc.php. It doesn't matter how long the user has been logged in, so the sessions are not expired.
CU, Patrick
Hi Patrick,
The issue you are facing is probably the same as https://sourceforge.net/p/phpmyadmin/bugs/4629/ It has been fixed and will be part of 4.3.2 release. Please find the patch at https://github.com/phpmyadmin/phpmyadmin/commit/e9b9526199577f9f1524114bc16cb1ea53d330c4
Hi,
indeed the patch solved the issue. Thanks a lot!
CU, Patrick