I have a couple of customers who have this error message pop up and they cannot log in to their accounts.
The error message is:
session token expired, please reload the page
My server is configured as follows:
Webserver Nginx and Apache
Nginx and Apache running on default templates and both running 7.3 FPM with default templates and forced for Apache
Domain server configuration is 7.3 fpm and all templates set to default
Mod Security is set to Combo WAF (V1.223) and process all rules
There is no cron job set to clear server cache
The customers are having problems logging in to a Wordpress site running Woocommerce
Wordpress version 5.9.3 and Woocommerce 6.4.1
I'm not running any pluging cache, so the only cache is server side
The site does have an htaccess file (used mostly for Yoast)
And site wide the security is handled by Wordfence Pro v7.5.9
Customers are reporting that if the refresh the browser after having the error, they still cannot log in or enter address details. Some have cleared cache on their devices and some have tried other browsers, but still get the error.
This suggests to me that this is server side and probably a misconfiguration with cache and security.
Anyone have any idea where I should start with this please. I'd be very grateful for any help.