Can't Login to Piwik: Form security failed

Can you try with a different browser ?

I’m getting this error message on Firefox (19.0 Mac & 19.0 Windows), IE (9.0.13 Windows), Safari (6.0.2 Mac, iPhone) and Opera (12.14 Mac). Always the same problem.

Piwik Mobile lets me access the statistics.

Or is there anything wrong with the configuration of the web server?
Here is the current state of affairs:

apache2-mod_wsgi-3.3-6.1.2.i586
apache2-mod_python-3.3.1-167.1.2.i586
apache2-2.2.21-3.9.1.i586
apache2-prefork-2.2.21-3.9.1.i586
apache2-worker-2.2.21-3.9.1.i586
apache2-mod_scgi-1.13-11.1.2.i586
apache2-utils-2.2.21-3.9.1.i586
apache2-mod_security2-2.5.9-12.1.2.i586
apache2-mod_tidy-0.5.5-218.1.2.i586
apache2-mod_php5-5.3.8-4.34.1.i586

I would really appreciate your help!

Can you try cleaning the cache? tmp/assets and tmp/template_c

Apache looks fine.

The tmp/assets directory was empty and stays empty.
Removing everything from tmp/template_c did not change
anything at all :frowning:

Any other ideas? I still cannot log in :frowning: Please help if you can.

Sorry not sure at this stage. Consider contacting: http://piwik.org/consulting/#contact-consultant for professional help

phlipp, did you managed to work this thing out?

no :frowning: still unsolved.

I guess I have to live with the fact that I can only use the mobile app.

After completely setting up the whole system from start (including apache, php, mysql, …) and with the latest distribution, the problem has gone away. Whatever has caused the problem, it is gone :slight_smile:

Thanks for your support.

Sorry to resurrect this thread but I have the same issue. I have tried using different browsers (IE, FF, Chrome), and made the mods suggested by vipsoft, and I have enabled cookies, without any success. I reinstalled piwik and was then able to login however after restarting the browser I get the form security error again. Is there a known fix for this?

Here is the Headers info from Chrome dev tools, do you see anything amiss?


Request URL:http://www.analytics.mydomain.se/
Request Method:POST
Status Code:200 OK
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:114
Content-Type:application/x-www-form-urlencoded
DNT:1
Host:www.analytics.mydomain.se
Origin:http://www.analytics.mydomain.se
Referer:http://www.analytics.mydomain.se/
User-Agent:Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36
Form Dataview sourceview URL encoded
form_login:mylogin
form_password:XXXXXX
form_nonce:TTTTTTTT
Response Headersview source
Accept-Ranges:bytes
age:0
Cache-Control:no-store, must-revalidate, private, no-store, no-cache, must-revalidate, no-transform, max-age=0
Connection:keep-alive
Content-Encoding:gzip
Content-Length:1649
Content-Length:1649
Content-Type:text/html; charset=utf-8
Date:Tue, 30 Jul 2013 11:01:42 GMT
Pragma:no-cache
Pragma:
Server:- Web acceleration by http://www.unixy.net/varnish
Set-Cookie:PIWIK_SESSID=71504ccc576010b36325ed1b9fa2cd; path=/; domain=www.mydomain.se; HttpOnly
Vary:User-Agent,Accept-Encoding
Via:1.1 varnish
X-Cache:MISS
X-Cacheable:YES
X-Frame-Options:sameorigin
X-Varnish:232828836

I believe I found the problem - in my php.ini I had session.cookie_domain = “www.mydomain.com”.

I changed that to session.cookie_domain = “analytics.mydomain.com” and was able to login.

I had the same problem. In my case it worked again after I commmented
session_save_handler = "dbtable"
so it saves in filesystem (default) again. After that I could login again without problems.

After trying to find the error (I had to set session_save_handler = “dbtable” because otherwise Piwik is really slow), I found a workaround:
Comment the lines 109 - 112 of core/Session.php (Piwik 2.0.3):
/$saveHandler = new DbTable($config);
if ($saveHandler) {
self::setSaveHandler($saveHandler);
}
/

Then the login works again. I think there is a bug in validation. Should be something for the bugtracker.

I had the very same error today.

After reading here and knowing that it may be caused by a problem with the referrer, I suddenly had an idea:

I opened piwik through https instead of http - and it worked.

Clearing the Chrome browser cache fixed it for me.

Yeah fixed it for me too, tq for share

sorry the last post was in 2015 but i have the same problem with piwik 3.0.2

I have test it with all actual different browsers. i have add these lines

proxy_client_headers[] = HTTP_CLIENT_IP
proxy_client_headers[] = HTTP_X_FORWARDED_FOR

to my config.ini.php clear all caches but it does work. I have installed piwik again and all piwik installation checks are green but it does work.

i use a letsencrypt ssl certificate and have try to add these line

force_ssl = 1

but it does work. I don’t have a idea. can anybody help me i try it for a lot of days :frowning:

regards
Hasel

sorry I forgot

i have delete too.

I try to login with Piwik android app and that is working now only with desktop browser is impossible i don’t know where is the problem