After completely setting up the whole system from start (including apache, php, mysql, …) and with the latest distribution, the problem has gone away. Whatever has caused the problem, it is gone
Sorry to resurrect this thread but I have the same issue. I have tried using different browsers (IE, FF, Chrome), and made the mods suggested by vipsoft, and I have enabled cookies, without any success. I reinstalled piwik and was then able to login however after restarting the browser I get the form security error again. Is there a known fix for this?
I had the same problem. In my case it worked again after I commmented
session_save_handler = "dbtable"
so it saves in filesystem (default) again. After that I could login again without problems.
After trying to find the error (I had to set session_save_handler = “dbtable” because otherwise Piwik is really slow), I found a workaround:
Comment the lines 109 - 112 of core/Session.php (Piwik 2.0.3):
/$saveHandler = new DbTable($config);
if ($saveHandler) {
self::setSaveHandler($saveHandler);
}/
Then the login works again. I think there is a bug in validation. Should be something for the bugtracker.
I have just migrated Matomo to Cloudways and am having the same problem.
It is now in a subdirectory of a domain with WordPress, if that matters…
Piwik worked for me flawlessly on 1&1 and Siteground…
I have tried Opera, Chrome, Edge, Firefox - all the same. Paused Cloudflare, but it didn’t help.
But I can log in on the Android app, for what it’s worth.
Any new ideas?
BTW, I just clicked on “Forgot password” and another screen shows up asking for username/email and below the new password and the new password again for confirmation. No email with a password-reset link. It looks like anybody who knows the URL and the username or email can reset the password. But I can’t, because I get the same error message as with a login attempt about cookies and proxies.
I have this problem too. Unfortunately, most of the discussion in this thread is too technical for me. I dont’ know what most of it means. Although I see some reference to the referrer header.
I used to use a Firefox plugin that blocks the referrer header. But I’ve switched to SeaMonkey, which as of yet, does not have such a plugin. But I still get the error anyway.
However, I did find a way around the problem (clearly by luck!).
When I see the login page, the URL in browser address field is twice longer than the field. Huge string of url and I have no idea what most of it means. But if I change the address to just the raw page address (such as h…ps://mydomain.com/stats) then I’m allowed to log in.
Can someone explain in a simple way, how I can fix this? Even with the lucky workaround, it still would be nice to just log in.
Thanks
Edit - note that I’m still using 2.15 - would upgrade fix it?