Magento – solving the “Invalid Form Key. Please refresh the page.” on login

Sometimes you get the "Invalid Form Key. Please refresh the page." on admin login in Magento, especially when migrating Magento to a new server or domain name.

This is usually to do with the cookie domain setting being wrongly set in your Magento set up. So...

1) Make sure the cookie domain is set to the correct domain in core_config_data eg. if my server is

UPDATE core_config_data SET value="" WHERE path = 'web/cookie/cookie_domain';

2) Delete all old sessions, so either :

rm -rf var/session

or in mysql: DELETE FROM core_session;

3) Clear the cache

rm -rf var/cache

or using n98-magerun

./n98-magerun.phar cache:flush

4) If you're using Redis, clear redis too!
redis-cli -p 6379 flushall
redis-cli -p 6380 flushall

5) Finally, delete all Local Storage, Session Storage and Cookies for the new domain in browser. If you're using Chrome and on the Magento login page, just right-click, Inspect and go to the "Application" tab and clear those areas. Close the tab and open a new one with the Magento login

That should do it!

Leave a Reply