Magento: Invalid Form Key. Please refresh the page.
We have worked on creating custom plugins for Magento for a while now. At some point or another, as any developer, you will hit a problem with having more than a thousand products in your category. The problem will manifest itself with category product truncation to a 1000 products upon saving the category. This issue is very common and talked about in many articles and stackoverflow.
There are a few suggestions out there to fix the issue. One suggestion is to raise the ‘max_input_vars’ to more than a 1000. To avoid opening up the server to DDOS attacks, we have not modified this server configuration, but used the other suggestion and extended the magento controller. However, this issue goes beyond just fixing the save category method of the controller. A few months after the fix we hit a point where we couldn’t search the category either. If you modify a product (e.g. position of a product), then try to search the category, it will produce a “Invalid Form Key. Please refresh the page” error. This error appears because the nonce key that is supposed to be passed with the search through ajax is being truncated because of the same 1k POST limit as well. So it checks for the key, if it doesn’t exist, it doesn’t allow you to proceed with the search. Now you either need to fix the search via another controller overwrite, or you just increase the server configuration for admin panel only.Instead of tinkering with Magento overwrites some more we decided to implement an admin only max_input_var increase by placing this in the WHM’s .conf include:
<LocationMatch "/(index\.php/)?admin/">
<IfModule mod_php5.c>
php_value max_input_vars 75000
</IfModule>
</LocationMatch>
The Apache Include files are an easy way of managing your server configurations via WHM. Just type in “Apache Configuration”, click on the “Include Editor”, insert into the pre-main.conf editor. Save & restart apache.