Support

Assuming you are using the .htaccess Maker feature: please try setting the "Set default expiration time to 1 hour" option to No and then click on "Save & Create .htaccess".

The root cause of this issue seems to be the same as your ticket 26290. This .htaccess option tells the web server to set the default expiration time by document type, including text/html i.e. the pages created by Joomla. This shouldn't be a problem as Joomla sends cache busting headers where necessary. Unfortunately, Joomla 3.4 and later have a significant bug / oversight in redirections. Instead of using HTTP 307 for temporary redirections from one page to the next, Joomla is using HTTP 301. Unfortunately HTTP 301 is the HTTP code for a permanent redirection which is cached by all major browsers (Chrome, Firefox, Opera, Safari, Edge). This causes the browsers to not visit certain pages which are necessary for Joomla! to operate correctly, causing this inexplicable errors. It took me a debugging session several hours long to figure that out last week. The next version of Admin Tools will contain a fix for this issue (we will not set up a default expiration time for text/html documents).

Yes. I believe it's a completely different issue with your server. There's only one way to troubleshoot it.

Start by disabling all options in the .htaccess Maker. This creates a .htaccess file which is functionally identical to the .htaccess shipped with Joomla. Test if the problem happens. If it does, it's unrelated to our software.

Then start enabling a few options at a time and create a new .htaccess. Test if the problem happens. If it does, it's one of the options you just enabled. Try switching them off one by one, generate the .htaccess and test again. This way you can find out which option causes this issue on your server.

FWIW I would expect that your problem would be more likely to happen because of Admin Tools' system plugin's session cleaning or a third party session cleaner, not the .htaccess. The security token is stored in the session. The session is remembered across page loads with a cookie. There's nothing in the .htaccess to remove the cookie and the session itself is controlled only by PHP code.

Just to make sure: you have disabled the "Set default expiration to 1 hour" but the login issue remains UNLESS you enable Cache Cleaner. If this is the case the problem you have is with your login module when you have Joomla's caching enabled. Even though that's outside of scope of our support I can give you a quick hint.

I would recommend disabling caching from Joomla's Global Configuration. If that works edit the login module's options and set Caching to None (instead of Use Global Option or something along those lines that it currently reads). Then re-enable Joomla's cache. This should work. If not either contact the module's developer or disable caching.

For what it's worth, we have chosen to disable caching on our site. As soon as we switched to PHP 7.0 our benchmarks showed a 20% performance drop(!!!) with file caching enabled. Turning off the cache made the site faster – and we had far less outdated cache issues to deal with. PHP 7 is blazing fast! Using caching on Joomla only makes sense on very large sites and only if you're using a memory cache, distributed on multiple servers (e.g. memcache, Redis). For the vast majority of sites you're better off just using PHP 7 and possibly enabling Zend Opcache, the code cache that ships with PHP itself – just remember to purge the code cache every time you update Joomla or one of its extensions.