Invalid token on back office with load balancer 1.7.4.0

[cedricfontaine]

Hello,

We tried to activate load balancing on AWS for our site on Prestashop 1.7.4.0.

Everything is working fine on the front office but in the back office, especially in the Advanced parameters section, we keep getting Invalid token error messages and infinite redirects. We are unable to use load balancing if we want to work on the back office.

Do you have any idea what the problem is ? 

[aln]

Did you ever solve this problem? I'm having the same issue.

[sarbat]

Some solution?

[Quique García]

Same here with the 8.2.x version, somebody solved this?

[El Patron]

Hello, this issue (“Invalid token” in Back Office with load balancer) is normally caused by a combination of session handling, IP checks, and proxy headers. Here’s a step-by-step checklist:

1) enable sticky sessions or shared sessions
o on your load balancer, turn on stickiness/persistence
o or configure php sessions to be stored in a shared service like redis, memcached, or database

2) disable cookie ip check in back office
o go to advanced parameters → administration → “check the cookie’s ip address” → set to no
o if you cannot stay logged in long enough, run this sql:
update ps_configuration set value='0' where name='PS_COOKIE_CHECKIP';
(replace ps_ with your table prefix)

3) configure trusted proxies in prestashop/symfony
o add your load balancer ip(s) to the trusted_proxies setting
o this allows prestashop to trust x-forwarded-for and x-forwarded-proto headers

4) forward correct headers from load balancer
o make sure the balancer sends:
– x-forwarded-proto https
– x-forwarded-for
– x-forwarded-host
o in apache you can add:
SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on
o in nginx:
proxy_set_header X-Forwarded-Proto https;

5) check shop domain/ssl settings
o in ps_shop_url and in back office → traffic & seo, make sure domain and domain_ssl match the public url through the balancer

clear all caches
o delete var/cache/* in prestashop
o clear php opcache if enabled
o flush any proxy or load balancer cache

with one or more of these changes, the invalid token and login loop should be resolved.