Can't log in to mediawiki: canceled as a precaution against session hijacking?

<ol> <li>I'm using a private mediawiki hosted on AWS EC2 instance for years</li> <li>I thought something gone wrong with some extension, specifically stopping in the middle of math rendering, so I tried to reload the page with Google Chrome browser's cache were all erased.</li> <li>Right after that, I can't log in seeing this message "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again."</li> </ol>

I tried, 1. restart apache server 2. tried MediaWiki sessions and cookies not working on multi-server behind CloudFlare 3. tried Mediawiki, can't login after password change 4. tried "go in your LocalSettings.php and at the end add the following code of line :session_save_path("tmp");Create a folder "tmp" in your wiki installation directory. give rights 777 (permissions)" as in https://www.mediawiki.org/wiki/Topic:Pjby0sdeg3e60rfy 5. checked the server's hard disk storage, but it has free space of way more than 3.5gb.

How do I fix this and is there any way of disabling this really helpful "PRECAUTION" feature?


Turned out to be something went wrong with cache settings in LocalSettings.php. Resolved after removing (almost all) customized cache settings.


MediaWiki authentication and session handling has been rewritten for 1.27; see announcement (the last section). Session hijacking warnings mean the CSRF token you are submitting was not found in the session, which in turn usually means the session storage is configured wrong.


Adding $wgSessionCacheType = CACHE_DB; to LocalSettings.php solves the problem. No need to change $wgMainCacheType.

This works, without the "precaution against session hijacking" error:

$wgMainCacheType = CACHE_ACCEL; $wgSessionCacheType = CACHE_DB;


Twice now, we started getting this error after the server ran out of space. Turns out, both times it was because the objectcache table had been corrupted.

To fix it, just run the SQL statement (e.g. at a MySQL prompt):

REPAIR TABLE objectcache;


  • Can I use jquery.uls on a MediaWiki wiki to get a language code from the name of a language in Engli
  • How to add custom tab button with external link?
  • The element tree xml
  • Did Youtube and Wikipedia use a PHP-framework? [closed]
  • Session management in GWT client side
  • PHP Post & Redirect with cURL Same As HTML Form [closed]
  • IP and domain create different session
  • Selenium and Google - How do you use cookies?
  • draw pie chart using iOS quartz 2D
  • How to make a user wait with Laravel
  • jQuery and Uploadify session in the php file
  • Checking if the Faye server exists before running it for my Rails app
  • Slicing an SPA into several components and use AngularJS
  • Real Time CountDown Timer In Python
  • Backward compatibility of Python 3.5 for external modules
  • Single django queryset to get n adjacent items
  • Retaining data after updating application
  • Is there a way to dynamically embed PDF Files in a JSP pulled from the file system?
  • Java color detection
  • Sequential (transactional) API calls in angular 4 with state management
  • How to define custom class, title, and target in Link Browser for content elements and the new rte_c
  • Ionic 2 storage is not cleaning up on uninstall - Only for signed APK
  • preg_replace Double Spaces to tab (\\t) at the beginning of a line
  • JSON response opens as a file, but I can't access it with JavaScript
  • MongoError: Incorrect arguments
  • Django rest serializer Breaks when data exists
  • Accessing IRQ description array within a module and displaying action names
  • Resize panoramic image to fixed size
  • Volusion's generic SQL folder, functionality
  • Updated Ionic CLI but shows previous version (Windows)
  • Timeout for blocking function call, i.e., how to stop waiting for user input after X seconds?
  • Matrix multiplication with MKL
  • Hits per day in Google Big Query
  • How do you join a server to an Active Directory (domain)?
  • coudnt use logback because of log4j
  • File not found error Google Drive API
  • Authorize attributes not working in MVC 4
  • UserPrincipal.Current returns apppool on IIS
  • Converting MP3 duration time
  • Conditional In-Line CSS for IE and Others?