SP Page Builder 6.4.0 - Save Fails With "Session Mismatched" On Joomla 5.4.5 - Question | JoomShaper
Back to the questions

SP Page Builder 6.4.0 - Save Fails With "Session Mismatched" On Joomla 5.4.5

D

dudumizi

SP Page Builder 1 week ago

Hello, I am unable to save any page in SP Page Builder Pro 6.4.0. Every save attempt returns "Session mismatched" with a 403 response. Environment:

Joomla: 5.4.5 SP Page Builder Pro: 6.4.0 PHP: 8.2 MySQL: 8 Server: Apache on cPanel shared hosting Template: Helix Ultimate

What I have confirmed:

Session IS stored correctly in database (client_id = 1, admin session) API Token is active for my user ModSecurity is disabled for this domain The POST payload contains NO Joomla CSRF token field Running document.querySelectorAll('input[name]').forEach(i => { if(i.name.length === 32) console.log(i.name, i.value) }) in the editor page console returns undefined — no token present The save POST goes to task=/editor.pages (note the leading slash)

Request: Please advise how SPPB 6.4.0 sends the CSRF token on Joomla 5.4.5 and whether there is a known fix or patch. Site URL: https://bateleursafaris.co.tz/administrator

0
7 Answers
Order by
Oldest Newest Votes
Toufiq
Toufiq
Accepted Answer
Senior Staff 1 week ago #223024

Hi there,

Thank you for reaching out, and I apologize for any inconvenience caused by this oversight. To better address the issue, could you kindly provide Joomla administrator access? This will enable me to thoroughly investigate the matter and provide you with a prompt resolution.

I appreciate your cooperation and will ensure to get back to you as soon as possible.

Best regards,

Toufiqur Rahman (Team Lead, Support)

0
D
dudumizi
Accepted Answer
1 week ago #223028

posted it

0
Toufiq
Toufiq
Accepted Answer
Senior Staff 1 week ago #223058

Can you provide me FTP access to download Akeeba backup file. I wanna check the issue on my locally. Thanks

0
D
dudumizi
Accepted Answer
1 week ago #223080

link to download backup file

0
Toufiq
Toufiq
Accepted Answer
Senior Staff 1 week ago #223083

It works fine on my localhost. I think your hosting server block to load resources of Page Builder. You can disable the mod_security from your server.

0
D
dudumizi
Accepted Answer
1 week ago #223086

Thank you for checking. I have WHM access for this server — could you please advise the exact steps to disable ModSecurity for this domain or directory via WHM? I want to make sure I disable it in the right place without affecting other sites on the server.

0
Toufiq
Toufiq
Accepted Answer
Senior Staff 1 week ago #223094

Method 01: Disable ModSecurity Globally (WHM)

Log in to WHM as root

Go to:

Home → Security Center → ModSecurity Configuration

You’ll see an option:

"Enable ModSecurity"

Toggle it OFF

Click Save

This will disable ModSecurity for the entire server.

Method 02: Disable for Specific Domain (Recommended)

Instead of disabling globally, you can disable it per domain:

In WHM, go to:

Home → Security Center → ModSecurity Tools

Click on "Disable Rules" or “Domain Configuration"

Select the domain

0