Security token missing error when accessing cPanel, webmail or WHM

HTTP error 401

Invalid Security Token

The Requested URL does not contain your session’s correct security token

You may have reached this error by copying and pasting a URL from a different cPanel, WHM or Webmail session into
your browser address bar. To resolve this situation please take one of the following steps.

Go Back one page and reload the URL, making sure that the /cpsess…/ section of the URL remains the same

Re-enter your account’s password below. This will assign your session a new security token. This new token will prevent you from using other pages of this application that may be open in other tabs.
 
FIX :
 
You might have seen the above above error when accessing cPanel, webmail or WHM in your web browser. The login details you have entered is correct but you got logged out from cPanel.
 

Reason why you’re getting this error

 
1. You might see the error if you have accessed cPanel, WHM etc from bookmarks in your browser.

Most of us save the login URL in web browser bookmarks because it is easy to remember. You might have saved the URL including the old session ID in the browser.

2. You will see “Invalid security token” error if you have opened multiple sessions (multiple cPanel, webmail or WHM) in a single browser.

3. Your internet might have got disconnected while you were working on cPanel. The security token will get changed when the internet get reconnected and it is not same as old token.

Before the internet connection got disconnected the security token was : https://server.example.com:2087/cpsess1477854555/ and when it got reconnected the security token changed to https://52.38.140.193:2087/cpsess6534278654/

In the above URLs you can see that security token is different.

4. You might have copied different cPanel, WHM or webmail session into your browser.
 

How to fix “Invalid Security Token” Error

 
Follow the below steps to fix the error. Do not open the URL from browser bookmarks.

1. Refresh or reopen the webbrowser and try again

2. Clear browser and DNS cache. Also delete all cookies in the brower and try accessing the link.

3. Try the URL in an incognito/private window in the browser.

On old cPanel versions there is option to disable security token but is is removed in latest cPanel versions. Disabling security token is a security risk so this feature is completely removed from tweak settings on new cPanel versions.

On old cPanel versions the below steps will fix the “Invalid Security token” error.

NOTE : The below steps will not work on latest cPanel version.

1. Log into WHM using server ‘root’ password

2. Search for “Tweak Settings” in WHM search bar

3. Uncheck “Require security tokens for all interfaces”

4. save “Tweak Settings”
 

 
You can do the same from server backend

1. Log into server via SSH as ‘root’ user

2. Edit the file /var/cpanel/cpanel.config using vi editor

vi /var/cpanel/cpanel.config

3. You will see the line “xsrftokens=1”

Change the line xsrftokens=1 to xsrftokens=0

4. Save the file and exit

5 Run the below command on the server to update tweak settings

Command : /usr/local/cpanel/whostmgr/bin/whostmgr2 –updatetweaksettings

Now Try accessing cPanel/WHM/webmail in the browser and you won’t see any Security token missing errors.