Your session has expired, please submit the form again.

  • Affected Version
    WoltLab Suite 3.0

    I'm getting "Your session has expired, please submit the form again." when trying to login to the ACP and the general suite at the same time. If I wipe my cookies, I can login to either one, but then when I try to login to the other one, I get the above message.

  • when trying to login to the ACP and the general suite at the same time.

    Can you elaborate what exactly is "the ACP" and "the general suite"? Are you talking about the backend of the same installation or the backend of a different one? Are you running on a multi-domain setup? Also disregards the suggestions made by jacboy, none of them are helpful.

    Alexander Ebert
    Senior Developer WoltLab® GmbH

  • I somehow missed your response, sorry about that.

    By the ACP, I mean the Administration Control Panel that you generally access from By "general suite" I mean where the "normal users" would log in, generally

    I was able to fix the issue I was having by wiping out all the assorted session tables. There may be a frontend way, but I like to live dangerously (and it was a beta site, but still). For those who also like to live dangerously/have a beta site, I ran the below queries. Of note, this very well may kick your users offline, and will certainly throw a warning for every single one of them on their next action that their session has expired. In addition, all the regular warnings about mucking with the database apply here.

    DELETE FROM wcf1_acp_session;
    DELETE FROM wcf1_acp_session_virtual;
    DELETE FROM wcf1_session;
    DELETE FROM wcf1_session_virtual;
  • Truncating the *_virtual tables is unnecessary, they're automatically cleaned up using a foreign key referencing the parent table.

    Alexander Ebert
    Senior Developer WoltLab® GmbH

  • Not sure if it helps but trying to change the cookie prafix maybe?

    This will logout all users but then you should be able to login again.

    Maybe you can also check with the debug modus if anyhting will be recorded why you are logged out:

    Or have have you checked your Browser console for clues?

    Hint: You can combine the debug mode with the benchmark, turning the benchmark into a clickable link that gives insight into the actual queries that were executed and what impact they had on load time. You could edit the index.php and insert something like that at the top: Code
    if ($_SERVER['REMOTE_ADDR'] === 'yourFancyIP') {
    define('ENABLE_DEBUG_MODE', 1);
    define('ENABLE_BENCHMARK', 1);

    Just keep in mind to get rid of that block again. It is basically abusing the fact, that the checks if the constant already exists before attempting to set it on this own.

  • I recommended this, but Alexander Ebert said that's bullshit.

    No, you didn't. You've suggested clearing the cache and changing/review the cookie domain, none of that will ever fix the issue described by the thread starter. Changing the cookie prefix however can help if this is a collision issue caused by reusing the same prefix while using a deeper directory.

    Alexander Ebert
    Senior Developer WoltLab® GmbH

  • I know this thread is pretty old already but I'm getting the message "Your session has expired, please submit the form again." over and over again in the normal login and in the ACP login.

    I tried clearing the session tables, cleared all browser caches, service workers, cookies etc. and restarting nginx + fpm. Nothing helped. Only changing the cookie prefix worked for me temporary though I deleted all cookies in my browser.

    When I use an incognito Window it works normally.

    What can I do?

    PS: All my pages are up to date related to WSC Core 3.0.15 pl 1

  • Sick

    Did you somehow logged in through https and switched back to http?

    Laurent Declercq (nuxwin)
    i-MSCP project director