Cms: 400 bad request ("Unable to verify your data submission.") on login

Created on 3 Sep 2018  Â·  10Comments  Â·  Source: craftcms/cms

Description

When logging into a few month old local project I get the following error:

HTTP 400 – Bad Request – yii\web\BadRequestHttpException
Unable to verify your data submission.

The front end of the site works fine as does the login screen.

This isn't a fresh install and I have also tried some other suggestions to resolve it with clearing browser caches and it hasn't resolved the issue on Chrome, Firefox or Safari.

Steps to reproduce

  1. Visit myproject.com/admin to login
  2. Enter correct login credentials
  3. Get error

Additional info

  • Craft version: 3.0.19
  • PHP version: 7.1.12
  • Database driver & version: MySQL 5.6.38

Error page trace

```
yii\web\BadRequestHttpException: Unable to verify your data submission. in /Users/user/Development/project/build/vendor/yiisoft/yii2/web/Controller.php:166
Stack trace:

0 /Users/user/Development/project/build/vendor/craftcms/cms/src/web/Controller.php(82): yii\web\Controller->beforeAction(Object(yiibase\InlineAction))

1 /Users/user/Development/project/build/vendor/yiisoft/yii2/base/Controller.php(155): craft\web\Controller->beforeAction(Object(yiibase\InlineAction))

2 /Users/user/Development/project/build/vendor/craftcms/cms/src/web/Controller.php(103): yiibase\Controller->runAction('login', Array)

3 /Users/user/Development/project/build/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('login', Array)

4 /Users/user/Development/project/build/vendor/craftcms/cms/src/web/Application.php(282): yiibase\Module->runAction('users/login', Array)

5 /Users/user/Development/project/build/vendor/craftcms/cms/src/web/Application.php(538): craft\web\Application->runAction('users/login', Array)

6 /Users/user/Development/project/build/vendor/craftcms/cms/src/web/Application.php(266): craft\web\Application->_processActionRequest(Object(craft\web\Request))

7 /Users/user/Development/project/build/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))

8 /Users/user/Development/project/build/public/index.php(42): yiibase\Application->run()

9 {main}

``

picture JayBox325
👍1

Most helpful comment

After deploying my site I had the exact same symptoms with an almost identical trace.

What I needed to do was create a cache exemption rule in my CloudFlare account to exclude any admin URLs from its cache, e.g.

*.domain.com/*admin*
Always Online: Off, Cache Level: Bypass, Disable Apps, Disable Performance

picture jkorff on 31 Dec 2018
👍2

All 10 comments

We’ve seen this when using Chrome, if the site was ever accessed over SSL, but currently is not. Possible that’s the case here? If so just stick to SSL, or reset Chrome’s caches and cookies for the domain (including HTTPS cookies).

brandonkelly picture brandonkelly on 3 Sep 2018
👍1

I have cleared all browsing data from Chrome, Safari and Firefox and I still get the same issue. Someone on Craft Slack has mentioned it's something to do with a CRSF token not being set or set wrong, so I'm going to look into this today. Would any other details help find a potential cause?

Cheers

JayBox325 picture JayBox325 on 3 Sep 2018

Right, that error comes from the CSRF token param in the request not matching the CSRF cookie.

You said you’re getting this on the Control Panel login page though, so unless you have a plugin that is making changes to it, it’s unlikely that the issue is with the form itself.

brandonkelly picture brandonkelly on 3 Sep 2018

Ok, I've just spotted there's a load of cpresources 500 errors on my local CP login screen. Turned out that there was both /public AND /web directories in my local repo that was being populated by Gulp because my favicons path was still set to be /web/favicons.

This makes more sense. Because the Cookie wasn't getting reset based on the new CRSF token being generated.

Thanks, Brandon. Apologies for wasting your time!

JayBox325 picture JayBox325 on 3 Sep 2018

No worries, glad you got it sorted!

brandonkelly picture brandonkelly on 3 Sep 2018

Hi @brandonkelly - we get this error after running craft migrate/up --interactive=0

Do you know what could be causing it?

mikefrancis picture mikefrancis on 25 Oct 2018

@mikefrancis Can you clear out your storage/logs/ folder, reproduce the error, and send the new contents of storage/logs/ over to [email protected]?

brandonkelly picture brandonkelly on 25 Oct 2018

Sorry Brandon, I think there's an exception that is being thrown in a template somewhere. False alarm!

mikefrancis picture mikefrancis on 26 Oct 2018

After deploying my site I had the exact same symptoms with an almost identical trace.

What I needed to do was create a cache exemption rule in my CloudFlare account to exclude any admin URLs from its cache, e.g.

*.domain.com/*admin*
Always Online: Off, Cache Level: Bypass, Disable Apps, Disable Performance

jkorff picture jkorff on 31 Dec 2018
👍2

I got this error and checked my error log. I found a bunch of errors like this:

2019-01-18 09:03:30 [-][-][soundnpevuons07lqg8c911grb][error][yiibase\ErrorException:2] yiibase\ErrorException: fopen(/craft/web/cpresources/725d4d8/jquery-ui.min.js): failed to open stream: No such file or directory in /craft/vendor/yiisoft/yii2/web/Response.php:485.

When researching I found that there might be some write issue errors with the sub folders of the /web/cpresources folder. I cleared out all the sub folders and then tried to log in again. Now it all works.

simeon-smith picture simeon-smith on 18 Jan 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

richhayler picture richhayler  Â·  3Comments
angrybrad picture angrybrad  Â·  3Comments
michaelhue picture michaelhue  Â·  3Comments
rynpsc picture rynpsc  Â·  3Comments
michel-o picture michel-o  Â·  3Comments