Sorry the form has expired. Please refresh

Hey guys. So last night I needed to setup a secondary FTP access for my client. The idea was for them to be able to upload their media directly to our ftp, making it easier for me to access (currently using dropbox)

What i did, was assign a sub directory for them OUTSIDE of the webroot (which was changed to install xibo in the first place)

So the subdirectory was created using …/Directory.

Since then, whenever ive tried logging in, i am getting “Error Sorry the form has expired. Please refresh.”

I presume this is the security xibo offers kicking in, but i have absolutely no idea of how to rectify this.

If anyone has any ideas i would be eternally as i am getting rather worried at this point.

Many Thanks

EDIT: Also forgot to mention, this happens with every device i try to login with. Tried 2 phones, a tablet and 3 desktops.

EDIT2: I just noticed in the “console” on the broswer i get this "login:1 Uncaught SyntaxError: Unexpected token " many times rapidly

EDIT3: I checked the “logs” in the cms database, this is what is in there “Error writing session data: SQLSTATE[HY000]: General error: 1665 Cannot execute statement: impossible to write to binary log since BINLOG_FORMAT = STATEMENT and at least one table uses a storage engine limited to row-based logging. InnoDB is limited to row-logging when transaction isolation level is READ COMMITTED or READ UNCOMMITTED.”

What CMS version are you using please?

Perhaps also what browser?

problem seems to be with php session, I’m not certain why would your change affect Xibo like that though, could you perhaps tell us what exactly have you done and perhaps more information about your server environment please?

I am using 1.8.2. I believed that would have been the issue as nothing else was done out of the ordinary.

I checked the sessions in the database and ran truncate session but that was already empty?

I have tried it on chrome, ff, ie.

There has been other users logging in from different ips, would this affect it?

Even without putting anything in the login form, just simply pressing login returns the error.

It is hosted on a shared host however I have total access.

EDIT: So ive checked the logs, and im 99% certain ive found where it all went wrong… Ive attached an image, and the 2 “500” error codes are the only errors there, and after that its all been impossible to login. AS i stated, the only thing i had done that night was create an FTP outside the directory root, i dont recall making any other changes.

EDIT3: Still not fixed. After reading the forums a bit more, ive read about the “login token” I appear to have two?? The “unexpected token” error that loops points to one token but not the other? So is it possible im being served with two tokens which is causing the issue? As you can see in the image, one of them is flagged “unexpected token” the other seems ok?

EDIT4: So something odd is happening, and now im totally stumped. Before i setup this main xibo server for my client, i was testing on an old domain name i had. Ive just tried to login to there, and got the exact same problem and that hasnt been touched for around 2 months…

That’s well, interesting.

There is this error about session and probably related one about unexpected token.

There is also this ‘Template Missing Exception type…’ can I see this error in whole please?
I wonder if it’s something with the CMS theme too, could you check GLOBAL_THEME_NAME setting in db?

I think it may ultimately need Dan’s eyes - I’ve made a note to bring this topic to his attention.

So completely out of the blue, i can now connect to my original server, but not the previous install or the fresh install…

These are the current db logs after the miraculous login success. The main errors now being

Unable to resolve host "": No address associated with hostname
Error in Register: null
Error in Register: timeout
Error in Register: HTTP request failed, HTTP status: 307

EDIT1: Sorry, the GLOBAL_THEME_NAME. This is also the exact same in the current 2 broken installs too.

EDIT2: Also just noticed this error on one of the displays: Error in Register: unexpected end of stream on okhttp3.Address@2df30bb5

Sorry for all the edits. Just trying to provide as much clear info as possible.

Right, those errors now are from players that can’t reach the CMS in question - basically if you can’t access the CMS, then player can’t do that either.
HTTP 307 is a temporary redirect error.

I really will need Dan to look at it, unfortunately he will be available on Thursday, then I’ll make sure to point him here.

I am also seeing this problem on my Xibo 1.8.2 install. I have it installed on a windows server 2012 r2 IIS stack and everything was working fine in July. Today I tried to login and I am seeing the “Error
Sorry the form has expired. Please refresh.” message.
I am seeing an additional message “Resource interpreted as Stylesheet but transferred with MIME type text/html” on this link:

In case anyone else runs into this issue, the problem is probably caused by the BINLOG_FORMAT var still being set to STATEMENT instead of MIXED. Details about this are in this thread: Upgrading from Xibo 1.7.4 to 1.7.7

I had the same issue today (“Sorry form has expired…”) an detected, that XIBO-Web will not run with (my hosters PHP 7.1).
So I set it to use PHP 5.6 instead (which my provider does via .htaccess) an everything worked fine!
Hope that’s a help for others!