cPanel 11.38 enforces security tokens

The cPanel 11.38 release disabled the ability to turn off security tokens, and it’s now a forced option for all cPanel users. This was done to provide an extra layer of security and to help prevent CSRF (Cross-site request forgery) attacks.

What do security tokens look like?

When you’re logged in to either cPanel or WHM, you’ll now see cpsess followed by a number in the address bar.

cPanel

cPanel security token

WHM

WHM security token

In this case you can see I’ve highlighed cpsess8185580286 when trying to access cPanel and cpsess4067102361 when trying to access WHM, these are the security tokens for those particular login sessions of mine.

What do security tokens do?

A security token is simply a string of text that is uniquely generated on each login session. It can help ensure that an unauthorized user does not hijack a user’s session, and will require re-authentication if the security token does not match what is stored for the session.

A good example of when you might encounter issues with cPanel security tokens, would be trying to bookmark a particular page in cPanel. For instance if you bookmarked the Addon Domains page in cPanel the URL would be something like this:

https://vps1234.inmotionhosting.com:2082/cpsess515294239/frontend/x3/addon/index.html

If you try to come back to that page a day later, your cPanel login security token isn’t going to match that URL. So you’ll be presented with the cPanel HTTP error 401 Invalid security token message.

Now you can simply type in your cPanel password and click on Click here to proceed with the current request

Enter password to proceed

The address bar will now show that you’re using a different security token for this session

https://vps1234.inmotionhosting.com:2082/cpsess8212191699/frontend/x3/addon/index.html

What can I do if I can’t login to cPanel now?

If you’re having issues logging into cPanel because you keep getting the HTTP error 401 Invalid security token error. You should be able to type in your cPanel password again, or you can try to log out of cPanel and clear all of your cookies for the server.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

9 thoughts on “cPanel 11.38 enforces security tokens

  1. Hello Dear ,
    i have want to know the cpanel access . my web developer did not provide me cpanel access and email password he did not pick my call how can i get my c panel access. thanks

    1. Hello Mariosolsporscompany – If you are the owner of the account, then you should contact our live tech support team to get help with access to cPanel. If you are not the owner of the account, then you will need to .contact that person to get access or for alternative access to.

  2. I can’t log in no matter if I try from saved informatoin or a clean attempt. Also the “chat” function does not work as there is no submit button or does hititng the enter/return key work.

  3. Hello!

    I am facing a problem when I login through webmail.dieselmachinery.com.sa with my ID that showing the Security token missing option. So let me know how i can fix this problem

    1. Hello Rashid Abdul Latif,

      Thanks for the question about the Security token. If you are using a stored link to get back to your webmail, make sure that the session ID is not included in the URL and then you will not see that message. This is the response from the cPanel support forum.

      I hope this helps to answer your question, please let us know if you require any further assistance.

      Regards,
      Arnel C.

  4. The system does not present the  cPanel HTTP error 401 Invalid security token message. It simply says “File Not Found”

  5. After many years of logging into CPAnel using the same URL and password, a week or so ago I suddenly was confronted with File Not Found, Session Timed Out errors and a password rejected loop. Or I could reach the CPanel home page, but when clicking on File Manager the log-in screen came back up. This happened whether logging in with Chrome or Microsoft Edge. I had no idea what was going on – I saw the cpsess text in the URL but my web hosting company did not display any message explaining this addition.

    I am no computer expert – I thought it might have to do with my upgrading to Windows 10 or some other error on my part. My host contact wrote that he had never experienced this kind of problem – he suggested maybe it was a problem with my computer (not so, because I tried to get in using another computer in the office).

    After dealing with this for several days I finally decided to try cleaning the various caches using CCleaner. This helped sometimes! Then, after much searching I found this URL that explained the whole thing. It certainly would have helped if my host had issued an explanation.

  6. so do I have to live with always having to receive this message and never being able to log-in to my cPanel account as a secure connection?
    Do I have to live with ALWAYS having to retype my username & password ?
    What?

Was this article helpful? Join the conversation!