Unable to login

markwaters · October 30, 2019, 1:01pm

I keep my installation up-to-date , whenever the update email arrives I go through the update procedure without a problem.
When it arrived recently I was forced to login again.
However this time I get this error.

Error : Form security failed. Please reload the form and check that your cookies are enabled. If you use a proxy server, you must configure Matomo to accept the proxy header that forwards the Host header. Also, check that your Referrer header is sent correctly.

There is no proxy on the webserver side.
I do use a proxy for my browser , but the same error shows even when I switch the proxy off and go direct.

I manually upgraded the matomo installation by downloading the latest zip file , unpacking it , overwriting the current installation and using the commandline to update the database , this all went swimmingly.

Still unable to login though.
Any ideas ?
Thanks.
Mark.

s8t7k9 · October 30, 2019, 3:47pm

Hi Mark,

I have the same problem after upgrading the test environment to 3.12.0. Hope Matomo can help us to fix this issue.

Regards
Raghu

PeterM · October 30, 2019, 5:07pm

Hi,

i had this problem also. After deleting all the cookies it worked again.
You can perhaps try to login via an anonymous window in the browser. (ctrl+shift+n)

Good luck

markwaters · October 30, 2019, 5:34pm

Hi @s8t7k9 , thanks for replying , good to hear that it isn’t just me having this issue , sorry you are suffering with it to though

markwaters · October 30, 2019, 5:38pm

Hi @PeterM , Thanks for your suggestions.
I have tried both clearing the cookies from my regular session and using a Private Window , both fail as described above.
I have also tried another browser on my laptop which showed the same problem.
Just tried it on my tablet’s browser and I can login without a problem.
So this must be pointing towards the client ?
Intriguing.

PeterM · October 30, 2019, 6:12pm

Hi, I see this issue is registered more then once. For example:
Can't Login to Piwik: Form security failed - #42 by brynn or
Can't log in - "Error: Form security failed." RESOLVED - #4 by Lukas or
Can't log in after update to version 3.8.0
mod_proxy Form security failed

But what the solution is, is every time different.
Solutions mentioned are:

deleting the tmp-file,
deleting the cookies,
changing a parameter in the config.ini,
edit the something in .htaccess or
change some code.

But what the reason is, is not clear for me…

markwaters · October 31, 2019, 7:08am

Thanks for the suggestions @PeterM , I’ve looked at all the posts you found and :-

Cleared the browser cookies and cache.
Cleared out the tmp/templates_c directory.
Checked the PHP session.cookie_domain variable = UNSET.
Set in config.ini.php I have set session_save_handler = UNSET

Still the same , works from Android Firefox , fails on Android Brave , fails on Desktop Firefox and Brave.

matthieu · October 31, 2019, 6:15pm

Hi @markwaters

Can you check your diagnostics systemcheck is green?

Also do you use a reverse proxy maybe? see Improve error message when login fails · Issue #14192 · matomo-org/matomo · GitHub as we could document better this case. if you use reverse proxy please leave a comment on that issue.

If not, then maybe it’s time to create a new issue on Github as this would be a new problem we’re not aware of yet.

markwaters · November 1, 2019, 7:11am

Hi @matthieu.
I have gone to the Diagnostics / System Check page , all the green ticks are there.
There were a load of unnecessary files but I have deleted those.
I still see a few warning messages about Archiving , Database Abilities and Geolocation.

I do not use a reverse proxy.
I do have a proxy at the client end but have removed it from my desktop browsers configuration.
Strangely my tablet is still using the proxy and Firefox is the only device that can access the Matomo instance.
On my desktop Firefox (version 70.0) I have network.http.sendRefererHeader = 2

s8t7k9 · November 1, 2019, 3:56pm

Dear All,

I compared the network traffic using browser DEV tools on the PROD vs TEST as PROD is working as it is not upgraded yet.

What I found was that the cookie and Set Cookie used on PROD is PIWIK_SESSID as against MATOMO_SESSID on the TEST env.

And another difference is about Referrer Policy.

The Referrer Policy on PROD : no-referrer-when-downgrade
and on TEST : same-origin.

Not sure if this helps. Please let me know if you need more information.

Regards
Raghu

markwaters · November 4, 2019, 7:38am

I deleted my desktop Firefox profile directory today and started afresh.
Same error.

markwaters · November 12, 2019, 7:46am

Switched to the Brave browser. Same error.
Tried rolling back to Matomo 3.1.1 with a zip from https://builds.matomo.org/ , this fails as the database has been upgraded to 3.1.2

s8t7k9 · January 16, 2020, 3:04pm

@Matthieu_Aubry Many thanks for helping me in resolving the issue.
It worked after updating the LoginLdap plugin from 4.0.5 to 4.0.8.

Regards
Raghu

marvin_mason · July 7, 2022, 8:21pm

hi steve, may be try developer community, u might get a better solution.