I'm sorry that the new cPanel 11.38 enforcing security tokens is an inconvenience for you.
As Arnel was mentioning, if you try to access cPanel again with the same cpsess... session, while that session is still active, you'll get right in. But if your session expires, you will be required to log back in.
The main reason why cPanel made this update and then forced a roll-out is to help stop CSRF (cross-site request forgery) attacks. As online attacks are at all-time historical highs, unfortunately security typically trumps the user experience for these types of matters.
A basic example of this would be that you could be logged into your cPanel interface at a coffee shop, and then an attacker monitoring traffic could see that you've successfully logged into cPanel. They could then attempt to forge a request to the server pretending to be your computer. Since the server knew your computer logged in, it would allow that forged user to not have to log in because it thinks you're the same client, and then the next thing you know they could delete all your email accounts or, worse, access your file manager and upload malicious files without your knowledge.
Because cPanel now utilizes security tokens, if an attacker attempted to forge a request to the server, it would see that the unique security tokens don't match up, and it would ask for the cPanel credentials again to verify this is still a valid user and client, thus protecting you from possible account compromises.
On a VPS, or a dedicated server, you could opt to not run the STABLE release of cPanel, to avoid this security update. However, it wouldn't be advisable to do so, because as more and more cPanel servers are updated, it leaves a much smaller pool of non-updated servers that attackers will strictly go after, knowing they're easier to exploit than the latest release.
If you had any other questions at all, please let us know!
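As an added illustration (not part of the reply above and not cPanel's own code), here is a minimal Python model of the check the reply describes: a valid session cookie is not enough on its own, because the request path must also carry that session's security token, and a mismatch or an expired session sends the client back to the login page. The token format, the timeout, the class name and the paths are assumptions made for the example.

```python
import hmac
import secrets
import time

SESSION_TTL = 900  # seconds; assumed idle timeout, not a cPanel value


class SessionStore:
    """Toy model of a panel that binds a URL security token to each login."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}  # cookie value -> (url token, expiry time)

    def login(self):
        """Call after credentials are verified; returns (cookie, url_token)."""
        cookie = secrets.token_urlsafe(32)
        # Assumed token shape for illustration: "cpsess" plus 10 random digits.
        token = "cpsess" + "".join(secrets.choice("0123456789") for _ in range(10))
        self._sessions[cookie] = (token, self._now() + SESSION_TTL)
        return cookie, token

    def check(self, cookie, path):
        """Return 'allow' or 'login' for a request with `cookie` to `path`."""
        entry = self._sessions.get(cookie)
        if entry is None:
            return "login"
        token, expiry = entry
        if self._now() >= expiry:
            del self._sessions[cookie]  # expired: force a fresh login
            return "login"
        # The first path segment must be this session's token.
        segment = path.lstrip("/").split("/", 1)[0]
        if not hmac.compare_digest(segment.encode(), token.encode()):
            return "login"
        return "allow"


if __name__ == "__main__":
    store = SessionStore()
    cookie, token = store.login()
    # Constructed paths: the browser attaches the cookie to both requests,
    # but only a page served inside the session knows the token.
    print(store.check(cookie, f"/{token}/mail/delete"))
    print(store.check(cookie, "/mail/delete"))
```

A request forged from another site rides along with the browser's cookie but cannot include the per-session token in its URL, which is why the second call is sent to the login page.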