Sometimes when someone tried to login to the backend of a Joomla! 3.x page I help administrating, they were prompted a white page which following message:

The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.

The weird thing was that I could not reproduce this error, nor did this alway happen to the person. So you could say this was some kind of "heisenbug". My first thought was some kind of faulty operation of Joomla! by the user, like using the "Back" button in the browser after logging in and thus confusing the authorization mechanism by setting the cookie twice. Luckily I refrained from walking over to the user and telling him he is doing everything wrong...again. Because after working in the backend for several hours I too got the error message. Now I could elimitate the possibility of a user generated bug (because I NEVER make mistakes EVER).

The cause

The problem seemed to be a broken prefix_sessions table of Joomla!. This normally happens if the server crashes while doing some operation on the table. I assume that some records where (more) corrupt than others, so not all users got the same amount of errors.

The solution

Here is how I ended up fixing the problem:
Luckly most database software comes with utillites to fix corrupted database tables. Here are the steps for MySQL:

  • Go to your MySQL administration interface. This can be PhpMyAdmin or what ever software you are using.
  • Back up your database... Like...seriously, dude.
  • Find your Joomla! Database and the prefix you chose while installing the CMS
  • Open a SQL prompt and fire following commands: The first one deletes all stored sessions in the DB. This is no problem at all. Don't worry, you will not loose any user data. BUT remember: All currently logged in users will be logged out. The second command automatically repairs the anything that might be wrong with your sessions table.
	TRUNCATE yourPrefix_sessions 
	REPAIR yourPrefix_sessions
  • If this does not help, try deleting the sessions table and building a new one. Notice that your new sessions table has to have the correct structure, so consider using an old backup of the table. It can be a real pain getting all the indecies right by hand.