How to fix “Invalid form key. Please refresh the page.” error in Magento 2
Last Updated | April 5, 2024
Table of Contents
The “Invalid form key. Please refresh the page.” error in Magento 2 typically occurs due to issues when there’s a mismatch between the form key stored in the session and the form key submitted with a form request. Form keys are a security feature in Magento that assists with Cross-Site Request Forgery (CSRF) attacks by ensuring that form submissions originate from the same Magento instance.
For every session, a one-of-a-kind unique form key is produced and inserted into the form as an invisible field. Also, the equivalent is coordinated with the client’s request to affirm the legitimacy of the request.
Read Also: Magento 2 SOAP API – A Comprehensive Guide
Invalid form key. Please refresh the page. Magento 2 It is one of the most simple errors you’ve probably encountered. It might appear when you:
– install Magento 2 extensions
– update Magento 2
– create a localhost account
– add multiple child products in configurable product
– add a lot of upsell and cross-sell products
– try to save an attribute with many options
Three Main Reasons why the Magento 2 “Invalid form key. Please refresh the page.” error appears
Server Configuration Issues
Incorrect server configurations related to sessions, cookies, or security settings can also trigger form key validation errors.
For example, misconfigured PHP settings Magento platform has specific server requirements for PHP max_input_vars value. It is the maximum number of variables that the server can utilize for a single request to avoid over-burdening (this value is utilized mainly to safeguard your server from DDOS assaults).
Naturally, it is set to 1000 which is inadequate for Magento and causes the error.
Also ensure that your PHP settings are correctly configured, especially session.cookie_domain and session.cookie_secure.
Base Url Setting
Likewise, you could get this issue on localhost. It shows up if you use “localhost” for the base URL rather than “127.0.0.1” and Magento simply doesn’t recognize it. It causes the cookie misrecognition and correspondingly Magento “Invalid form key. Please refresh the page.” error appears.
Incorrect Form Key
You may also get this error on a storefront when you attempt to submit a form. This issue shows up on the off chance that you have an old version of Magento or an old form and not all javascript files are loaded for the mentioned activity to be performed (e.g. add to cart activity).
Others
Session Issues
Problems with sessions, such as expired or invalidated sessions, can lead to key validation errors. Magento relies on sessions to manage form keys, so any issues with session management can cause this error.
Caching Problems
Caching issues, especially if the full page cache (FPC) is enabled, can interfere with form key validation. Cached pages might contain outdated form keys or invalid session data, causing the error to occur.
Third-Party Extensions or Custom Code
Sometimes, third-party extensions or custom code can conflict with Magento’s form key validation logic. If an extension modifies form submission behavior without handling form keys correctly, it can lead to the “Invalid form key. Please refresh the page.” error.
Solutions for the “Invalid form key. Please refresh the page.” error in Magento 2
Solution 1: Increase the max_input_vars in PHP
To increase the max_input_vars variable in PHP, you’ll need to modify your PHP configuration settings. Increasing it can be necessary when dealing with forms or data submissions that exceed the default limit.
Here’s how you can do it:
– Locate php.ini File:
Find the php.ini file used by Apache. The location of this file can vary depending on your server setup. Common locations include /etc/php/7.x/apache2/php.ini on Linux servers.
Find the php.ini file used by PHP-FPM. The location can vary but is often found at /etc/php/7.x/fpm/php.ini on Linux servers.
– Edit php.ini:
Open the php.ini file using a text editor (e.g., nano, vim, or gedit).
– Find max_input_vars:
Search for the max_input_vars variable in the php.ini file. If it’s not there, you can add it under the appropriate section (e.g., [PHP] section).
– Increase max_input_vars:
Set the value of max_input_vars to the desired limit. For example:
max_input_vars = 3000
The suggested value for Magento 2 max_input_vars is 10000.
– Save and Exit:
Save the changes to the php.ini file and exit the text editor.
– Restart WebServer:
Restart the Apache to apply the changes. You can do this using the command:
sudo service apache2 restart
Restart PHP-FPM to apply the changes. You can do this using a command like:
sudo service php7.x-fpm restart
Solution 2: Change your base URL
To change the base URL of your local environment to 127.0.0.1 in Magento 2, you need to update the configuration settings in the Magento database. You can do this via the command line or by directly modifying the database.
Here are the steps:
– Access Your Magento Database:
Use a database management tool like phpMyAdmin or connect to your database using the command line.
– Find Your Core Configuration Data Table:
Look for the core_config_data table in your Magento database.
– Update Base URL Values:
Identify the rows with the paths web/unsecure/base_url and web/secure/base_url. These rows contain the base URLs for your Magento store.
Update the value column for both rows to http://127.0.0.1/ for unsecure base URL and https://127.0.0.1/ for the secure base URL (if you’re using HTTPS in your local environment).
You can run SQL queries like:
UPDATE core_config_data SET value = ‘http://127.0.0.1/’ WHERE path = ‘web/unsecure/base_url’;
UPDATE core_config_data SET value = ‘https://127.0.0.1/’ WHERE path = ‘web/secure/base_url’;
You can also run the following command from the project root directory to change it:
php bin/magento setup:store-config:set –base-url=”http://127.0.0.1/
php bin/magento setup:store-config:set –base-url-secure=”https://127.0.0.1/
– Clear Magento Cache:
Clear the Magento cache to ensure the changes take effect. You can do this via the command line: php bin/magento cache:clean
Solution 3: Consistently Update Magento
If you experience the “Invalid form key. Please refresh the page.” error that shows up on a storefront in the latest version of Magento, request a developer investigate it. They need to alter the Add to Cart button layout to make it accessible only after all JS scripts are loaded.
Note: on the off chance that you are utilizing a custom extension or theme, there could be a ton of reasons and correspondingly fixed courses to work on. Check with the theme or custom extension developers.
Read Also: Ultimate Guide To Advanced Reporting And Analytics In Magento 2
Conclusion
In conclusion, the “Invalid form key. Please refresh the page.” error in Magento 2 is a common issue that occurs due to various reasons such as expired form keys, session issues, incorrect server configurations, caching problems, browser settings, or conflicts with third-party extensions or custom code.
We trust that you can solve the issue yourself by adhering to the step-by-step guidelines above.
FAQ’s
Q: What is a form key?
A form key (also known as a CSRF token) is a randomly generated value that Magento embeds in forms to verify that the form submission originated from the same site and wasn’t forged by a malicious third party.
Q: Why does the “Invalid form key. Please refresh the page.” error occur?
The error occurs when Magento receives a form submission without a valid or matching form key. This can happen due to various reasons such as expired sessions, browser issues, caching problems, incorrect server configurations, or custom code conflicts.