Fixed: “Invalid Form Key. Please Refresh The Page” in Magento 2

Nov 20, 2023 |

Facing the Invalid Form Key error in Magento 2? Read on this blog post till the end to find the possible reasons and solutions.

Table of Contents

Magento 2 Invalid Form Key Error – Possible Reasons
How to Solve “Invalid Form Key. Please Refresh the Page” in Magento 2?

In Magento 2, a form key (also known as a form nonce) is a security feature to prevent Cross-Site Request Forgery (CSRF) attacks, in which a malicious site or software tries to make unintended requests to the site where the user is authenticated.

The form key in Magento 2 ensures that the request is from the end-user and is not a part of any malicious activity.

For each session, a unique form key is generated and embedded into the form as an invisible field. And the same is matched with the user’s request to confirm legitimacy of the request.

Magento 2 Invalid Form Key Error – Possible Reasons

In many cases, you may encounter the “Invalid security or form key. Please refresh the page.” error in Magento 2, which may look like:

Invalid Form Key. Please Refresh The Page in Magento 2

Here are some common reasons for Magento 2 Invalid Form Key error:

You’re using an outdated version of Magento 2
Incorrect max_input_vars values (too low for Magento 2)
Problems with cookies and sessions due to mismatch of base URL during Migration

Now, let’s go through the possible ways to solve “Invalid Form Key. Please Refresh The Page” in Magento 2.

How to Solve “Invalid Form Key. Please Refresh the Page” in Magento 2?

Here are some possible solutions to the Magento 2 Invalid Form Key Error:

Solution 1: Modify the Magento Installtion Directory File
Solution 2: Increase the max_input_vars Value
Solution 3: Change the Magento Base URL

Solution 1: Modify the Magento Installtion Directory File

First, back up the root/vendor/magento/module-backend/App/Action/Plugin/Authentication.php file.

Then, open the file and disable the following entities:

$requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);
$baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');
$routeIndex = empty($baseUrlPath) ? 0 : 1;
$requestUri = $this->_url->getUrl($requestParts[$routeIndex]);

$requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);

$baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');

$routeIndex = empty($baseUrlPath) ? 0 : 1;

$requestUri = $this->_url->getUrl($requestParts[$routeIndex]);

And add the following entry:

$requestUri = $this->_url->getUrl($this->_url->getStartupPageUrl());

1	$requestUri = $this->_url->getUrl($this->_url->getStartupPageUrl());

You’ll get the following output:

      // Checks, whether secret key is required for admin access or request uri is explicitly set
        if ($this->_url->useSecretKey()) {
#            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);
#            $baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');
#            $routeIndex = empty($baseUrlPath) ? 0 : 1;
#            $requestUri = $this->_url->getUrl($requestParts[$routeIndex]);
            $requestUri = $this->_url->getUrl($this->_url->getStartupPageUrl());
        } elseif ($request) {
            $requestUri = $request->getRequestUri();
        }

        if (!$requestUri) {
            return false;

// Checks, whether secret key is required for admin access or request uri is explicitly set

if ($this->_url->useSecretKey()) {

# $requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);

# $baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');

# $routeIndex = empty($baseUrlPath) ? 0 : 1;

# $requestUri = $this->_url->getUrl($requestParts[$routeIndex]);

$requestUri = $this->_url->getUrl($this->_url->getStartupPageUrl());

} elseif ($request) {

$requestUri = $request->getRequestUri();

}

if (!$requestUri) {

return false;

Now, check if the Magento 2 Invalid Form Key error reproduces or not. If it does, try the next solution.

Solution 2: Increase the max_input_vars Value

One possible reason for the Magento 2 “Invalid security or form key. Please refresh the page.” error can be an incorrect max_input_vars value.

For the php.ini or .user.ini file, use:

max_input_vars = 10000

1	max_input_vars = 10000

For the .htaccess file, use this code:

php_value max_input_vars 10000

1	php_value max_input_vars 10000

Now, check if the Magento 2 Invalid Form Key error reproduces or not. If it does, try the next solution.

Solution 3: Change the Magento Base URL

The next solution is to change the base URL of Magento. You can do it in two ways:

Using phpMyAdmin
Using CLI

Here’s how to change Magento 2 Base URL using phpMyAdmin:

Log into phpMyAdmin and find the core_config_data table in the database.

Now, change the web/unsecure/base_url value to https://127.0.0.1

Click “Go.”

(Make sure to use the correct protocol as per your site i.e. http:// or https://)

Here’s how to change Magento 2 Base URL using CLI:

Use the following command to change the Magento 2 Base URL:

php bin/magento setup:store-config:set --base-url="http://127.0.0.1:8080/"

1	php bin/magento setup:store-config:set --base-url="http://127.0.0.1:8080/"

Make sure to change the protocol asper your site i.e. http:// or https://

Now, run the following command to flush the cache:

php bin/magento cache:flush

1	php bin/magento cache:flush

And remove the cache folder by using the following command in the root Magento 2 directory:

rm -rf var/cache var/generation var/page_cache

1	rm -rf var/cache var/generation var/page_cache

That’s it!

In case you’re still experiencing the Magento 2 Invalid Form Key error, it’s time to consult an expert. Contact us now!

(based on 14 Reviews)

Jay Parmar

He is a Magento developer with over three years of expertise, specializing in customization and APIs. And he is also a wildlife conservation volunteer.

8 Best Shopify Apps For Quote [Enhance Custom Pricing]

7 Best Shopify Apps For Chargeback Prevention

Fixed: “Invalid Form Key. Please Refresh The Page” in Magento 2

Magento 2 Invalid Form Key Error – Possible Reasons

How to Solve “Invalid Form Key. Please Refresh the Page” in Magento 2?

Solution 1: Modify the Magento Installtion Directory File

Solution 2: Increase the max_input_vars Value

Solution 3: Change the Magento Base URL

Prev

Next

Learn The Best Way to Pass Parameter to URL in Magento 2

How to Force Only One Product Per Order in Magento 2

Leave a Reply Cancel reply

Customer Service

Quick Links

Address

Client's Love

Fixed: “Invalid Form Key. Please Refresh The Page” in Magento 2

Magento 2 Invalid Form Key Error – Possible Reasons

How to Solve “Invalid Form Key. Please Refresh the Page” in Magento 2?

Solution 1: Modify the Magento Installtion Directory File

Solution 2: Increase the max_input_vars Value

Solution 3: Change the Magento Base URL

Prev

Next

Learn The Best Way to Pass Parameter to URL in Magento 2

How to Force Only One Product Per Order in Magento 2

Leave a Reply Cancel reply

Customer Service

Quick Links

Address

Client's Love

Share

Copy short link