since we have been working with more than 3 people in the panel (different acounts), we have all received the message invalid csrf token after the session is invalid. Relogin is not possible than. After shift reload → deleting the session cookie, we are able to login again.
If I understand correctly, you can login and work in the Panel without issues most of the time but sometimes run into this invalid session issue? Or all the time and you cannot really use the Panel?
everytime the session is invalid we are getting this message and have to delete the cookie (shift reload). After that we can login as ususal. If the message pops up it is not possible to login with the correct login data.
Hm, maybe it would already help to set the session time to a longer period? But the question is why the cookie is not deleted if the session is no longer valid. Have you tried with another browser?
hmm maybe it’s not only the cookie. i can delete the cookie (kirby_session) via browser console (chrome) → press login → message comes up. shift reload → press login → works.