Can't log into Matomo

wlr13 · July 11, 2023, 2:39pm

Hi,

I’m having issues with logging into Matomo after editing the config.ini.php file. What I edited was the database information because I imported a backup database into MySQL. That part was successful, editing the config.ini.php file was successful because I got the login page afterwards but it doesn’t recognize my superuser login credentials that I created when I initially setup Matomo. It just says wrong username and password or an error stating the form security failed because of a token mismatch. Has anyone run into this issue?

MisterGenest · November 14, 2024, 2:33pm

Hello @wlr13,

You say this started after you edited the config file.

I recommend that you comment out some, or all of that file, except for the top 20 lines or so, where your password is.

Then see if you can log in. And then re-introduce config lines one by one to isolate which line is the problem.

I suspect the setting
force_ssl = 1
would cause a problem, for example, if your https is not set up correctly.

MisterGenest · November 14, 2024, 2:37pm

I know some folks might end up here because they are getting the error too:
Error: The form security failed because of a token mismatch. Please reload the form and check that your cookies are on.

Here are general tips:

That error occurs only if the stored token and the submitted one do not match.
Possible reasons could be that the token was already invalidated by another request or storing it in the session failed for any reason.
if cookies are disabled / not allowed that might also happen.
Did you change anything on your Matomo instance. Maybe the apache config was changed or similar. Or it had been https and not it isn’t anymore…

A simple way to check if cookies are on, in your browser, is to go to the dev tools console and execute this, or just look at that object property:

if (navigator.cookieEnabled) {
    console.log("Cookies are enabled.");
} else {
    console.log("Cookies are disabled.");
}

heurteph-ei · November 18, 2024, 1:59pm

Hi @MisterGenest

It could be good to add this check directly in the Matomo code

MisterGenest · November 21, 2024, 12:17am

You’re right @heurteph-ei .
I made it just now:

github.com/matomo-org/matomo

[Enhancement] Improve this error message by appending two checks: form security failed because of a token mismatch

opened 12:13AM - 21 Nov 24 UTC

atom-box

Enhancement To Triage

When this error occurs in the client browser: `The form security failed because… of a token mismatch. Please reload the form and check that your cookies are on` Part of the error message could the following: 1. In the browser, check whether cookies are on. Just run this and modify the error message: ``` if (navigator.cookieEnabled) { console.log("Cookies are enabled."); } else { console.log("Cookies are disabled."); } ``` 2. In the backend send a check for SSL (a cause of this error). The logic already exists: it is part of Matomo's System Check, in the `Admin >> Diagnostics` This is a high frustration error for users as it keeps them logged out of their Matomo. Recently a team of 5 users, staring down a promised deadline, were all locked out for 5 days and 5 emails because of this error.

Thank you.