So I have been doing some testing on this "Invalid Token" issue. And my members have been getting this error from time to time. I think I have narrowed it down. I have tried this with multiple browsers and seem to get the same result.

Assuming I have cleared cookies and cache in my browser and start with everything cleared:
If I login to my jomsocial site by entering my website WITH a "www" before the domain. i.e. www.mydomain.com , I can log back in later just fine as long as I enter the URL the same way. But if I change the URL to mydomain.com without the "www" after the cookie has already been created and attempt to login, I get the "Invalid Token" error.

This works the same way vice-versa. If I clear cookies and cache and attempt to enter without the "www" I can get in just fine on first attempt, but if I change it to www.mydomain.com on second attempt, I get the "Invalid Token" error once again. So it seems that the cookie is storing the information with or without the www depending on how you enter it.

I don't know how I can fix this, but it seems like it's something worth looking into and if there is a quick fix that I can perform, I would love to know. Thanks for your help in advance!

Hi, Robert.

I tested it on your site and it seems to be right for this steps:

1. Login to site mydomain.com
2. Then doesn't log out
3. Go to www.mydomain.com
4. Try to log in
5. You'll be redirected to mydomain.com and get "Invalid token" error.

And this will work like that. Session is still open for mydomain.com and login via www.mydomain.com redirects to mydomain.com. This make session conflict.

This depends how your domain is configured. You can try on my site:

prolusatia.nazwa.pl/test/
www.prolusatia.nazwa.pl/test/

u: test6
p: test12

1. Browse to prolusatia.nazwa.pl/test/
2. Use credentials to log in
3. Don't log out
4. Browse to www.prolusatia.nazwa.pl/test/
5. Log in using credentials...

No redirection, no invalid token notices...

So how do I configure it correctly? Maybe I am unclear as what to do.

I have included my cPanel information. Maybe it's something on my end? I have currently set up my site using the Addon Domain feature to point to the particular subfolder in my host. Could this be the issue?

Hi, Robert.

This is rather beyond our technical support as this is domain configuration issue.
You should contact with your hosting provider and ask for assistance.

There are two ways to fix it: htaccess redirection rule and domain records.
But like I said: contact with your hosting provider or look in Google ;)

I have checked with my domain provider and everything is set up correctly for my domain. There aren't any redirects that would cause this issue. They are telling me that I need to consult you for further assistance. I am really at a standstill here. I would appreciate any further help. It seems like the links within the toolbar for template socialize for logging in may be redirecting to domains with www.

I don't understand if my domain is set up correctly, why am I still getting this Invalid Token issue. Is it possible there is something else we haven't explored?

Hi, Robert.

OK, let me try to explain you again. This is my site, and as you can see you can access it entering TWO URLs:

www.prolusatia.pl/
prolusatia.pl/

And you can browse entire site with or without www.

Note that one has www and other not.

For Joomla those are TWO DIFFERENT pages. When you enter Joomla site and log in, system creates a session token in database. It says on what domain, what user logs in.

In your case you have only theresocial.com . If you try access http://wwwtheresocial.com you'll be redirected to theresocial.com .

So if you are logged in on theresocial.com , and then entering http://wwwtheresocial.com will load your home page with ww and as not logged in. But when you try to log in, you'll be redirected to theresocial.com ! But session for this domain and account is already active!

Strange thing is that your home page can be accessed with http://wwwtheresocial.com but any other page available from main menu has theresocial.com/something .

This is how my domain is configured: prntscr.com/4lfpb5

You may also check your .htaccess if you have any redirection there.

In one of my previous posts I provided you credentials to my test site and as you can see yourself I don't have that issue with my domain configured like on printscreen above.

This is not a JomSocial issue. You may test it on default Joomla! login form too...

In summa: this is not JomSocial that cause that issue but domain redirection (its domain configuratio or htacces...).

You may also ask on Joomla! forum... I'm afraid that all I can do for you.

I get that you want this to be a resolved issue, but Ive checked everything against your image and my dns entries and all seems to check out just fine and seem to match.

Is it possible that the LOGIN buttons are the only thing redirecting my members from a www to a non-www url?

It appears that it only happens during login. When I am on any www.domain.com page and click through the links on my page, it does not remove the www. The login is the only thing that seems to be causing this.

Domain Configuration Issues Seems to be ruled out.

You've suggested I look into my htaccess files for redirection code or mod rewrites. I will go back in and take a look at this. But if that checks out too, I may need some further help from someone.

I will leave this pending customer response until I get a chance to check my htaccess files. I appreciate your help.

Hi, Robert.

I apologize for delay, I had few days off.
It seems that you changed your system from Joomla to other... so I can't examine your issue again.
Nevertheless your issue applied NOT only to login but also to other menu items - as I mentioned in my previous post.
JomSocial doesn't handle any redirections related with www or non-www. We use JURI::root() what is basic Joomla! function and returns current root address as it's delivered by BROWSER.