How to Fix Invalid Form Key Error

If you get the dreaded “Invalid form key” error while logging in or working in the admin, something is wrong with your setup.

Since version (and patch SUPEE-6788), Magento requires a secret form token to prevent XSRF attacks. Here are some solutions. For these solutions we assume that you have Magerun installed, because on Hypernode it is installed by default.

PHP choking on too many form values?

Create a file /data/web/public/.user.ini with this line:

max_input_vars = 75000

Last resort: disable admin form key

If you are locked out of your admin panel, you could use this as last resort:

magerun config:set admin/security/use_form_key 0
magerun cache:flush

However, this should only be used as a temporary measure, so you can figure out what is wrong with your setup.

Need help?

Magento is no easy open source CMS. Although we’re very skilled in hosting Magento shops, making them fast and keeping conversion high, we’re no Magento developers. Luckily, we know a lot of agencies that do know a lot about how Magento works. If you need help, don’t hesitate to contact one of these agencies.