TYPO3 Core

I have similar issues with the normal BE login from time to time. I need to clear the GET parameters then and then the BE works like normal.

I can confirm that bug.

URL: http://dev.demo-7.local/typo3/index.php?route=%2Fmain&token=32517423454ea0a4e9388fa736b4b2f92806a07e

Uncaught TYPO3 Exception
#1425389455: Invalid request for route "/main" (More information)

TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException thrown in file
/var/www/dev.demo-7/typo3_src/typo3/sysext/backend/Classes/Http/RouteDispatcher.php in line 47.

7 TYPO3\CMS\Backend\Http\RouteDispatcher::dispatch(TYPO3\CMS\Core\Http\ServerRequest, TYPO3\CMS\Core\Http\Response)

/var/www/dev.demo-7/typo3_src/typo3/sysext/backend/Classes/Http/RequestHandler.php:
00153:   /** @var RouteDispatcher $dispatcher */
00154:   $dispatcher = GeneralUtility::makeInstance(RouteDispatcher::class);
00155:   return $dispatcher->dispatch($request, $response);
00156:  }
00157: }

6 TYPO3\CMS\Backend\Http\RequestHandler::dispatch(TYPO3\CMS\Core\Http\ServerRequest)

/var/www/dev.demo-7/typo3_src/typo3/sysext/backend/Classes/Http/RequestHandler.php:
00090:   // Check if the router has the available route and dispatch.
00091:   if ($routingEnabled) {
00092:    return $this->dispatch($request);
00093:   }
00094: 

5 TYPO3\CMS\Backend\Http\RequestHandler::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)

/var/www/dev.demo-7/typo3_src/typo3/sysext/core/Classes/Core/Bootstrap.php:
00286: 
00287:   // Execute the command which returns a Response object or NULL
00288:   $this->response = $requestHandler->handleRequest($request);
00289:   return $this;
00290:  }

4 TYPO3\CMS\Core\Core\Bootstrap::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)

/var/www/dev.demo-7/typo3_src/typo3/sysext/backend/Classes/Http/Application.php:
00090:   */
00091:  public function run(callable $execute = NULL) {
00092:   $this->bootstrap->handleRequest($this->request);
00093: 
00094:   if ($execute !== NULL) {

3 TYPO3\CMS\Backend\Http\Application::run()

/var/www/dev.demo-7/typo3_src/typo3/index.php:
00018: call_user_func(function() {
00019:  $classLoader = require __DIR__ . '/../vendor/autoload.php';
00020:  (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
00021: });

2 {closure}()
1 call_user_func(Closure)

/var/www/dev.demo-7/typo3_src/typo3/index.php:
00019:  $classLoader = require __DIR__ . '/../vendor/autoload.php';
00020:  (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
00021: });

I reproduce at fix it everyday:¶

1. Work in the backend
2. Shutdown the VM (in which TYPO3 is running) but leaving browser tab with backend open
3. Sleep until next day ;-)
4. Startup the VM
5. Reload the browser tab with the backend
6. BE Login appears
7. Login to backend
8. Exception is thrown
9. Remove the route parameter in url + Enter
10. Backend is now reloading and shows 2 Validating the security token of this form has failed. Please reload the form and submit it again. error messages
11. After reloading backend with browser's reload button, everything is back to normal

I don't know if it is important, but I've set ['BE']['sessionTimout'] to 3600*24*7

I can confirm this problem as well.

The problem exists when you leave the backend open and switch the network, e.g work/home/VPN. When you then click any other link in the BE, you're logged out. Upon next login the above mentioned error message appears. Removing the GET parameters solves the problem.

I confirm the bug too.

I am also having this same issue but it's not because I'm changing network/IP stuff as one person reported was their cause.¶

1. I log into the backend using TYPO3 7.6.4 and PHP 5.6 I get the Uncaught TYPO3 Exception below...
2. I remove all get parameters and hit enter which at first appears I've completed login but there's TYPO3 backend error message, "Validating the security token of this form has failed. Please reload the form and submit it again."
3. I refresh the backend page and it takes me to the main BE login page again
4. I enter credentials and login succeeds
5. BUT Within 5 minutes I get the relogin modal that pops up informing me that my login expired even though I have it set to 36000 seconds. (I have not changed the IP of my computer or the website during this time.)

Uncaught TYPO3 Exception
#1425389455: Invalid request for route "/main" (More information)

TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException thrown in file
/home/example/public_html/vendor/typo3/cms/typo3/sysext/backend/Classes/Http/RouteDispatcher.php in line 49.

7 TYPO3\CMS\Backend\Http\RouteDispatcher::dispatch(TYPO3\CMS\Core\Http\ServerRequest, TYPO3\CMS\Core\Http\Response)

/home/example/public_html/vendor/typo3/cms/typo3/sysext/backend/Classes/Http/RequestHandler.php:
00159:         /** @var RouteDispatcher $dispatcher */
00160:         $dispatcher = GeneralUtility::makeInstance(RouteDispatcher::class);
00161:         return $dispatcher->dispatch($request, $response);
00162:     }
00163: }

6 TYPO3\CMS\Backend\Http\RequestHandler::dispatch(TYPO3\CMS\Core\Http\ServerRequest)

/home/example/public_html/vendor/typo3/cms/typo3/sysext/backend/Classes/Http/RequestHandler.php:
00092:         // Check if the router has the available route and dispatch.
00093:         if ($routingEnabled) {
00094:             return $this->dispatch($request);
00095:         }
00096: 

5 TYPO3\CMS\Backend\Http\RequestHandler::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)

/home/example/public_html/vendor/typo3/cms/typo3/sysext/core/Classes/Core/Bootstrap.php:
00300: 
00301:         // Execute the command which returns a Response object or NULL
00302:         $this->response = $requestHandler->handleRequest($request);
00303:         return $this;
00304:     }

4 TYPO3\CMS\Core\Core\Bootstrap::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)

/home/example/public_html/vendor/typo3/cms/typo3/sysext/backend/Classes/Http/Application.php:
00092:         }
00093: 
00094:         $this->bootstrap->handleRequest($this->request);
00095: 
00096:         if ($execute !== null) {

3 TYPO3\CMS\Backend\Http\Application::run()

/home/example/public_html/vendor/typo3/cms/typo3/index.php:
00018: call_user_func(function () {
00019:     $classLoader = require __DIR__ . '/../vendor/autoload.php';
00020:     (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
00021: });

2 {closure}()
1 call_user_func(Closure)

/home/example/public_html/vendor/typo3/cms/typo3/index.php:
00019:     $classLoader = require __DIR__ . '/../vendor/autoload.php';
00020:     (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
00021: });

Confirmed and still there in TYPO3 7.6.4

Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1425389455: Invalid request for route "/main" | TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException thrown in file /var/www/typo3/typo3_src-7.6.4/typo3/sysext/backend/Classes/Http/RouteDispatcher.php in line 49. 

Same for me. TYPO3 7.6.4
But this behaviour only happens to one of our backend users. This one user is in a special private network with different network policies. If this user is connecting through a WIFI and a direct internet connection to our servers the user is able to connect properly.

I have the same problem, TYPO3 CMS 7.6.4, PHP 7.0.5

Same problem here
Typo3 v 7.6.6
php v 5.6.20

Maybe the login timeout AJAX call can redirect the main page to a sane url?

/typo3/index.php?ajaxID=%2Fajax%2Flogin%2Ftimedout&skipSessionUpdate=1

This seems to work too:

$GLOBALS['TYPO3_CONF_VARS']['BE']['lockIP'] = 3;

This will only check the three most significant parts of the IP address of the remote host IP (you).

May break when using IPv6 ?

And you may need to adjust according to your network setup. If you have different subnets for wired and wifi network you may need to lower the 3 to 2.

More info in typo3/sysext/core/Configuration/DefaultConfiguration.php

Bug is still present in TYPO3 8.5.0-dev

@Josef Do you have any steps to reproduce? Otherwise it is really hard to investigate here.

1. Log in the BE
2. Change IP address (ex: disconnect and reconnect to internet), no need to wait for session timeout
3. Click a link in the BE (ex: a page in the page tree)
4. Re-log in the BE.

Now you got the error:

Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1425389455: Invalid request for route "/main" | TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException thrown in file /typo3/sysext/backend/Classes/Http/RouteDispatcher.php in line 49

The issue is a token mismatch. Think a check needs to be added that catches the exception and re-routes to login when the token check fails.

You can easily reproduce the behavior with the chrome browser devtools and switch from user-agent/device.

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50687

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50689

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50688

Patch set 2 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50689