
Unable to validate CSRF state

The problem is often related to the server’s cookie-related caches. Some servers accept only specific cookie names because the caching server in front of them allows only those names. Get in touch with your host and ask them about their cookie-related caches.

  • Pantheon server: If you’re using Pantheon server, update your Nextend Social Login version to 3.0.6 or greater, where the error should be fixed.
  • LiteSpeed Cache: If you’re using the LiteSpeed Cache plugin, you may need to add the following lines to your .htaccess file:
  • If you can whitelist cookies on your server, try whitelisting SESSnsl, which is the cookie we’re using. If your host has a strict policy on the cookie names they accept, you could try overriding the default name. The name of the session cookie can be changed with the nsl_session_name filter and the NSL_SESSION_NAME constant.

Misconfigured Object Cache

You can also see this error if something (like a 3rd party plugin) messes up the site transients and prevents us from accessing them. Usually, database or object caches create such problems when they’re misconfigured. Try turning off your object/database cache temporarily and see if the “Unable to validate CSRF state” error still shows up.

If your object cache has no option to turn it off, you can also move the object cache specific plugins out of the WordPress root folder to disable them. You will typically find these object cache plugins in the “mu-plugins” or “wp-content” folders.

If that resolves the problem, then:

  • Most likely, you don’t have the prerequisites to use an object cache on your site (such as the .dll file, i.e. the PHP extension, that the object cache relies on, or the object cache server, i.e. the daemon, is not started). Some object caches have a status page where you can see if there are issues with your configuration.
  • If you want to use an object cache, get in touch with the support team of the database/object cache you’re using. They can tell you how to configure it properly.

Varnish

Varnish Cache is a high-performance HTTP accelerator (specifically a caching reverse proxy) that stores copies of web pages in memory to speed up content delivery and reduce server load. Varnish sits between the client and the web server and intercepts HTTP requests. When a request is made, Varnish checks if a cached copy of the page exists. If it does, it serves the cached version instantly. Otherwise, it fetches the content from the server, delivers it to the client, and stores it in memory for faster future access.

Caching our authentication requests could invalidate the CSRF state. To avoid such problems, you need to add 2 exclusion rules:

  • one for the “SESSnsl” cookie
  • and another for the “?loginSocial” GET parameter

Some server hosts like Cloudways have an interface where you can manage Varnish, e.g., in the case of Cloudways, exclusion rules can be added like this.
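
If you maintain the Varnish configuration yourself, the two exclusion rules can be written in VCL as follows. This is an added example, not configuration shipped with Nextend Social Login; the backend address is a placeholder, the cookie name assumes the default SESSnsl, and the subroutines are meant to be merged into your existing VCL.

```vcl
vcl 4.0;

# Placeholder origin server: replace with your real backend definition.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Keep both rules above any logic that strips cookies or normalizes
    # query strings, otherwise they never see the original request.

    # Rule 1: any request carrying the "loginSocial" GET parameter belongs
    # to the authentication flow and must always reach WordPress.
    if (req.url ~ "[?&]loginSocial(=|&|$)") {
        return (pass);
    }

    # Rule 2: a visitor who holds the SESSnsl session cookie bypasses the
    # cache, and the Cookie header is forwarded to the backend untouched.
    if (req.http.Cookie ~ "(^|;\s*)SESSnsl=") {
        return (pass);
    }
}

sub vcl_backend_response {
    # Never store a response that sets the session cookie; a cached copy
    # would hand one visitor's session cookie to other visitors.
    # Note: plain VCL only inspects the first Set-Cookie header here.
    if (beresp.http.Set-Cookie ~ "SESSnsl=") {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;
        return (deliver);
    }
}
```

If the cookie name was changed with the nsl_session_name filter or the NSL_SESSION_NAME constant, use that name in both cookie patterns.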
