Invalid CSRF Protection Token, Fix WHMCS Plesk

Hello,

There are a few work arounds for this issue on Plesk. Those issues all have you changing permissions on the primary session folder on the server os itself. This folder is shared by all websites by default. These methods also requires that you have full root credentials. I will list a more secure way to handle this all from Plesk CP and FTP.

Step #1.

Log into your domain via FTP and in the / folder create a new folder called session and chmod to 755.

Step #2.

Log into Plesk Domain Control Panel.

Step #3.

Under Domain section Click on PHP Settings

Step #4

Scroll down to session.save_path

Click in the text box and you can type the new path, on RedHat Distro's

/var/www/vhosts/{yourfulldomainhere.tld}/session

Click Apply.

Step #5

Refresh WHMCS interface and try to save from any page.

Step #6 (optional)

check the session folder via FTP or File Manager... you should see your private session files.

This information is just meant to help those without root access and those that do not want to risk the security of the entire server. Session files are secured in your own private directory. I hope this helps.

Thank you very much for providing this information! took me days not getting anywhere!