Nodebb: login trigger error 403 forbidden.

Created on 10 Apr 2016 · 16 Comments · Source: NodeBB/NodeBB

Login triggers error 403 Forbidden on PC.

./nodebb log output:

invalid csrf token

Mobile login worked well.

needs confirmation

All 16 comments

I'm using the latest version of NodeBB

here the url: http://forum.ng-erp.com

@nhlpl thanks, but it doesn't work for me, and my server disk has enough space.

I got this error in console:

http://forum.ng-erp.com/vendor/jquery/timeago/locales/jquery.timeago.zh-CN-short.js?_=1460298272958 404 (Not Found)

and this error on the page sometimes


and here is ./nodebb log

```
# ./nodebb restart && ./nodebb log

Restarting NodeBB

Type Ctrl-C to exit

 invalid csrf token
10/4 22:27 [17057] - error: /login
 invalid csrf token
Clustering enabled: Spinning up 1 process(es).
10/4 22:30 [17057] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised.

10/4 22:30 [17057] - info: [app] Database connection closed.
10/4 22:30 [17057] - info: [app] Web server closed to connections.
10/4 22:30 [17057] - info: [app] Shutdown complete.
[cluster] Child Process (17057) has exited (code: 0, signal: null)
10/4 22:30 [17668] - info: Time: Sun Apr 10 2016 22:30:06 GMT+0800 (CST)
10/4 22:30 [17668] - info: Initializing NodeBB v1.0.1
10/4 22:30 [17668] - info: [database] Checking database indices.
10/4 22:30 [17668] - warn: [meta/dependencies] Bundled plugin nodebb-plugin-spam-be-gone not found, skipping dependency check.
10/4 22:30 [17668] - warn: [socket.io] Clustering detected, you are advised to configure Redis as a websocket store.

10/4 22:30 [17668] - warn: [plugins/load] The following plugins may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing. In the event of an unresponsive NodeBB caused by this plugin, run `./nodebb reset -p PLUGINNAME` to disable it.
  * nodebb-plugin-emailer-local

10/4 22:30 [17668] - info: NodeBB Ready
10/4 22:30 [17668] - info: Enabling 'trust proxy'
10/4 22:30 [17668] - info: NodeBB is now listening on: 0.0.0.0:4567
10/4 22:30 [17668] - error: /login
 invalid csrf token
```

thanks!

I cleared my nginx cache and browser cache, and it still doesn't work. Any other help?

Having the same issue. Fresh local install on an OSX machine, I get "Forbidden" in my browser and:

```
3/4 11:12 [46088] - error: /login
 ForbiddenError: invalid csrf token
    at verifytoken (/Users/josh/Work/NodeBB/node_modules/csurf/index.js:269:11)
    at csrf (/Users/josh/Work/NodeBB/node_modules/csurf/index.js:97:7)
    at Layer.handle [as handle_request] (/Users/josh/Work/NodeBB/node_modules/express/lib/router/layer.js:95:5)
    at next (/Users/josh/Work/NodeBB/node_modules/express/lib/router/route.js:131:13)
    at Route.dispatch (/Users/josh/Work/NodeBB/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/Users/josh/Work/NodeBB/node_modules/express/lib/router/layer.js:95:5)
    at /Users/josh/Work/NodeBB/node_modules/express/lib/router/index.js:277:22
    at Function.process_params (/Users/josh/Work/NodeBB/node_modules/express/lib/router/index.js:330:12)
    at next (/Users/josh/Work/NodeBB/node_modules/express/lib/router/index.js:271:10)
    at Function.handle (/Users/josh/Work/NodeBB/node_modules/express/lib/router/index.js:176:3)
```

in the console when running ./nodebb start && ./nodebb log

I'm working off of the stable branch and using Redis 3.0.6

@nemoxiaolan I just went on your site and it seemed to work for me

It seems to be a problem with subdomains with special characters (i.e. nodebb-username.rhcloud.com).
https://community.nodebb.org/topic/8530/fix-nodebb-invalid-session-behind-cloudflare/2

Issue closed due to inactivity.


_This is an automated message. If you feel this action was in error, please comment on this issue so it can be looked at again_

I know the issue is closed, but this has just happened to me too on a self hosted fresh server install

Details:
Server: Ubuntu 14.04
NodeBB Stable NodeJS install
Nginx running as a proxy only redirecting port 80 to 4567
Tested internally to be working (local ip) on pc and cellphone
Internal DNS records deleted, External DNS records updated to point to the outside IP of the server, which is port mapped to the inside IP of the server on port 80 only.
Now after Refresh period, website works from outside (internet) on PC Browser without a problem,
also can Login, but accessing the same domain on cellphone (previously used to test) throws Log Error Invalid csrf token, on the website itself (which loads) it throws up a message multiple times - Invalid Session, and when trying to login says Error logging in - Forbidden, in server log just states - login error. All this happens ONLY on cellphones, tested on an android and iphone, working ok accessed by desktop browsers.

Any thoughts, ideas, help is really appreciated.

Same problem, worked well at first and now it's impossible to register or login.
Latest stable Node.js 4.x.x, NodeBB 1.0.3 with Redis as DB.

EDIT: I'm asking this issue to be reopened. The problem was never solved in the first place

Problem was solved by leaving blank the _Cookie Domain_ field in Admin -> Settings -> Advanced

OK, you solved it, but how can I log in to set this option?

1.0.3
head
master

Doesn't solve this so strange issue :(

Fix

```nginx
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
```
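
Both fixes reported in this thread (a blank _Cookie Domain_, and forwarding the real `Host` and scheme through nginx) affect whether the browser keeps and returns the session cookie, and a CSRF token checked against session state fails when that cookie never comes back. The following is an added example, not code from NodeBB or from any commenter: it checks a `Set-Cookie` line against the URL the visitor actually sees. The cookie name, hostnames and header strings are constructed; whether a given NodeBB setup marks its cookie `Secure` is an assumption.

```javascript
// Added example: checks whether a browser would keep and return a session
// cookie for a given page URL. All header strings and hostnames are constructed.

// RFC 6265 domain-match: host equals the domain or is a subdomain of it.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  return h === d || h.endsWith('.' + d);
}

// Pull out the attributes that decide whether the cookie round-trips.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.split('=')[0], domain: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=');
    if (key.toLowerCase() === 'domain') cookie.domain = value;
    if (key.toLowerCase() === 'secure') cookie.secure = true;
  }
  return cookie;
}

// pageUrl is what the browser's address bar shows, not what the app believes.
function checkSessionCookie(setCookieHeader, pageUrl) {
  const cookie = parseSetCookie(setCookieHeader);
  const url = new URL(pageUrl);
  const problems = [];
  if (cookie.domain && !domainMatches(url.hostname, cookie.domain)) {
    problems.push(`Domain=${cookie.domain} does not match host ${url.hostname}`);
  }
  if (cookie.secure && url.protocol !== 'https:') {
    problems.push('Secure cookie on a plain-http page is not sent back');
  }
  return { name: cookie.name, ok: problems.length === 0, problems };
}

// Constructed cases: default cookie, mismatched Cookie Domain, and a Secure
// cookie served to a visitor who is on plain http.
const page = 'http://forum.example.test/login';
for (const header of [
  'express.sid=s%3Aabc; Path=/; HttpOnly',
  'express.sid=s%3Aabc; Domain=example.org; Path=/; HttpOnly',
  'express.sid=s%3Aabc; Path=/; HttpOnly; Secure',
]) {
  console.log(header, '->', checkSessionCookie(header, page));
}
```

To use it on a real site, take the `Set-Cookie` line from the login page's response headers and pass the exact URL from the address bar. If the site is reachable over both http and https, nginx's `$scheme` variable reports the scheme of the actual client connection, where the config above hard-codes `"https"`.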
