AbleCommerce Forums
»
AbleCommerce
»
General Questions
»
Gold12 Latest Migration to 9.0.7 Getting Antiforgery Token Expired
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk
Joined: 11/30/2018(UTC)
Posts: 86
Thanks: 8 times
Was thanked: 1 time(s) in 1 post(s)
|
First time with having problems with migrating a Gold12 latest to the latest 9.0.7 full version. After migration is completed and trying to log into the Admin for the first time, I'm getting a (security token has expired error) and cannot log into the Admin. I've migrated this Gold12 DB many times from versions 9.0.0 through 9.0.6 and never ran into this problem. I found this post from 3-years ago https://www.ablecommerce...urity-token-has-expired.I've tried all of the hacks to the DB and still cannot log in. If anyone has run into this with later version migrations, please help with any info on how to get around this. Thanks again. Edited by user Sunday, December 4, 2022 2:14:20 PM(UTC)
| Reason: Not specified
|
|
|
|
|
|
Rank: Advanced Member
Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 303
Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
|
If your site is not https, check your web.config and make sure you don't have entries in there requiring secure cookies. That has usually been the issue when we have seen this problem. Or try clearing your browser cache.
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909
Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
|
From my experience, even after changing the proper database settings, and clearing my cache, I had to go to the IIS server and restart the site.
There are many instances where just clearing the cache may not work, and you need to either wait for the server cache to clear or just restart the site.
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk
Joined: 11/30/2018(UTC)
Posts: 86
Thanks: 8 times
Was thanked: 1 time(s) in 1 post(s)
|
Thanks all for the tips.
Still searching for the problem. I've crossed checked web.config files, cleared cache on server, app pool, IIS, browsers Firefox, Chrome i.e
I've tried several migrations and crossed checked DB's as well with ac_storesettings table against my recent migrations and earlier migrations. I did find a missing line as noted below. However, still cannot locate the issue of this error trying to login to the Admin.
As a note: The ac_storesetting table in the migrated db was missing a line: GoogleReCaptchaEnabled False. I inserted and recycled as noted above, but the error still happens when trying to log in first time to Admin.
This is the first migration I have had issues with (Gold12 to a NEW 9.0.7) full install. All other migrations in the past have been seamless with no issues at all. Also, when performing the migration the DB updates every time and the very last step always shows all green and no issues at the end. What is really interesting, the site is up and running and can be browsed from the front end.
As always, it's right in front of my eye's just not seeing it. If the Able team has any suggestions, please let me know. I'm wondering if it is a License issue?
Hardware: Dev Server IIS10 and SQL 2019 Express.
Thanks again for all of your feedback. Will post back once solved.
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909
Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
|
If the GoogleReCaptchaEnabled field was missing from the table, then you probably have bigger problems. How many other fields are missing, how about foreign keys link to other tables?
Something did not convert properly. Just for your information, please see the table structure info below.
This table has 168 fields, one foreign key and one regular key.
I hope this helps,
-Ray
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk
Joined: 11/30/2018(UTC)
Posts: 86
Thanks: 8 times
Was thanked: 1 time(s) in 1 post(s)
|
Ray,
Like I said at the end of the migrations that I have done showed no errors every time and the final box was highlighted in Green showing all tables, fields i.e. ok and 0 warnings or errors.
I have also used SQL compare tool and all migrated ac_storesettings table I checked against showed the same matching fields and nothing to merge (190 fields). So, based on the Able migration instructions I used everything is working as should during the migration that I can see and from my past experiences with Able migrations.
When I did find that the GoogleReCaptchaEnabled field was there in a earlier 9.0.6 full migration and not in the 9.0.7 migrations I completed.
This is when I added the field in as a test to see if this was causing the issue. No go. So, I have no answers for this and this is why I would like to hopefully hear back from the Able Team.
The Gold12 DB has not been changed at all with tables, fields and customization's in the last 3 full migrations including 9.0.5 then 9.0.6 and now to 9.0.7 that I have completed to date. We are eager to get this site up and running into the Able9 platform as the Gold 12 is robust, but misses a lot of new features.
Thanks for your feedback.
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909
Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
|
We count 168 entries or rows in our table, not 190. We have four servers that we constantly move the database back and forth, especially after upgrading or update systems.
When you move the database from one server to the other, things break, so we have automated the process, here's the last script that we run to bypass the Google ReCaptchas.
It's looking for 2 fields, not one.
I wouldn't rely on Ablecommerce telling you that everything is OK, been there.
SQL Query to disable GoogleReCaptchaEnabled
UPDATE ac_StoreSettings
SET FieldValue = 'False'
WHERE FieldName = 'GoogleReCaptchaEnabled' OR FieldName = 'MerchantPasswordImageCaptcha';
Try setting the 2nd field to "False" as well.
I hope some of this helps,
-Ray
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk
Joined: 11/30/2018(UTC)
Posts: 86
Thanks: 8 times
Was thanked: 1 time(s) in 1 post(s)
|
Just getting back to this.
I already had tested the change with MerchantPasswordImage to false (based on the earlier post from 3-years ago) and Inserted GoogleReCaptchaEnabled to false in the DB. Both failed. I'll post back the final resolve to this issue.
Thanks again for your help.
|
|
|
|
|
|
Rank: Advanced Member
Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 303
Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
|
What are your SSL settings in the admin? If you are not using SSL, there should be nothing set there. I believe when you change them, it writes to App_Data/AbleCommerce.config. Here is the start of the settings on my local dev site:
<sslSettings enableSslRedirecton="False" forceSslOnAllPages="False" sslStateForUndefinedUrls="Ignore">
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk
Joined: 11/30/2018(UTC)
Posts: 86
Thanks: 8 times
Was thanked: 1 time(s) in 1 post(s)
|
Judy,
My App_Data/AbleCommerce.config is set as is <sslSettings enableSslRedirecton="False" forceSslOnAllPages="False" sslStateForUndefinedUrls="Ignore"> So this is ok as well. Thank you for pointing this out.
The migration from our live DB SSL is set to true when migrating and I had not realized this from the previous migrations as I have never had any issues. I have also changed the SSL setting in the DB after the migration to false to see if this was the issue as well. But no go on the fix.
I'm going to park this Dev site and spin up another and try and see what is failing. Also as a note I see that the ac_StoreSettings table is messy as well with leftovers when they removed the Shopping feed from the last fixes. They forgot to do some housekeeping in the table.
Thank you again for pointing this setting out.
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909
Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
|
On our development server we use a fake SSL certificate, easy to create. It, of course, would definitely help if we could see what they see. Even a video would go a long way.
I'm assuming that all permissions have been checked?
We are still dealing with the "offline payment bug" (Maybe) issue down here. Although we were able to bypass a line of code to fix it, it's still driving us crazy trying to figure out what's going on, so when things like this or not having the ability to log into the admin section, which is a big deal, the mind doesn't stop until it finds a solution.
-Ray
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk
Joined: 11/30/2018(UTC)
Posts: 86
Thanks: 8 times
Was thanked: 1 time(s) in 1 post(s)
|
I believe this may be the problem as I debugged this in a browser. It appears the __RequestVerificationToken is timing out before it matches and throwing the error: <label class="error">The security token has expired. Please login again.</label> Here is the script that's generated when the login fails: Quote:<form action="/Admin/Login" class="m-t" method="post" novalidate="novalidate"> <input name="__RequestVerificationToken" type="hidden" value="uvtEX-c0xIsr7PjYIDLneiS63nG_Ur_UD9zWZLEHfPJV2mM0-8Vh08Sw8h01-zlQA6JL2jlbr9GTN7rH_9r4gfbqQiMV6TqpRISU67eP9rw1"> <input id="PasswordExpired" name="PasswordExpired" type="hidden" value="False"><input id="ReturnUrl" name="ReturnUrl" type="hidden" value=""> <label class="error">The security token has expired. Please login again.</label> <div class="form-group"> <input class="form-control" data-val="true" data-val-length="The field User Name must be a string with a maximum length of 255." data-val-length-max="255" data-val-required="The User Name field is required." id="UserName" name="UserName" placeholder="Username" type="text" value=""> <span class="field-validation-valid" data-valmsg-for="UserName" data-valmsg-replace="true"></span> </div> <div class="form-group"> <input autocomplete="off" class="form-control" data-val="true" data-val-required="The Password field is required." id="Password" name="Password" placeholder="Password" type="password" value=""> <span class="field-validation-valid" data-valmsg-for="Password" data-valmsg-replace="true"></span> </div> <input id="ShowCaptcha" name="ShowCaptcha" type="hidden" value="False"> <input id="GoogleReCaptchaEnabled" name="GoogleReCaptchaEnabled" type="hidden" value="False"> I'm not sure where to modify the code. I think it is in the Global.asax.cs? Any help from Able Team would be great. As a note: I have 2 dev sites running on this server in versions 9.0.6 full migration from a Gold12 db and a recent upgraded 9.0.6 to 9.0.7 dev site that was a full version migration from a Gold12 db. I'm having no issues with either site's when logging into the admin. Thanks again for any help you can offer.
|
|
|
|
|
|
Rank: Advanced Member
Groups: Authorized User, Registered, Developers, HelpDesk
Joined: 11/30/2018(UTC)
Posts: 86
Thanks: 8 times
Was thanked: 1 time(s) in 1 post(s)
|
After fighting this issue for several days, I found that the problem was due to Auto generated password's that was used for all of the Admin's sometime after we had last migrated this site to a 9.0.6 full install.
After changing all the Admin password's manually the Gold12 DB migrated seemliness with no issues at all.
Thanks again for all of your help.
|
|
|
|
|
|
AbleCommerce Forums
»
AbleCommerce
»
General Questions
»
Gold12 Latest Migration to 9.0.7 Getting Antiforgery Token Expired
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close
