For anyone reading this - you need to go back to your administrator home page
example.com/administrator

Then go to Extensions -> Manage - >Database

You should see a message that the db is out of date

Click on the Fix button in the toolbar and you will be all ok

It'll be fine for updates going forward. Updates pre-3.6.1 though will hit
the error.

On Wednesday, August 3, 2016, zero-24 notifications@github.com wrote:

Steps to reproduce the issue

• Install 3.6.0
• try to update to 3.6.1

Expected result

Update to 3.6.1
Actual result

The most recent request was denied because it contained an invalid
security token. Please refresh the page and try again.
System information (as much as possible)

Maybe realted to the last sec fixes?
Additional comments

This code is the code that triggers the error:
https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_joomlaupdate/controllers/update.php#L97
because pre update the hash is not added.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#11426, or mute the thread
https://github.com/notifications/unsubscribe-auth/AAWfoS8nQFLFo4mDwxTTreXi-AQfxMEeks5qcQ3HgaJpZM4JcItj
.

I made a fresh J3.6.0 installation

• then tried to update to J3.6.1

Files are updated but, during doing:

http://localhost/.../administrator/index.php?option=com_joomlaupdate&task=update.finalise

you get:
The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.

And the DB updating does not completes.

Going to the Extension/Manage/Database,
you see that it still says J3.6.0 and asks you to "Fix"

Standby. The security fixes introduced a check that can never pass on
older version updates. I gave George a possible workaround. I'm not doing
the work for it though, I'm at a bar and don't have the tools to do it.

On Wednesday, August 3, 2016, Georgios Papadakis notifications@github.com
wrote:

I made a fresh J3.6.0 installation

• then tried to update to J3.6.1

During doing:

http://localhost/j360/administrator/index.php?option=com_joomlaupdate&task=update.finalise

you get:
The most recent request was denied because it contained an invalid
security token. Please refresh the page and try again.

And the DB updating does not completes. Going to the "Database" you see
that it still say J3.6.0 and asks you to "Fix"

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#11426 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAWfoYw8JrCsecMSNMcbFY1w_6qUcLboks5qcRF-gaJpZM4JcItj
.

I had the same page. Resolved just coming back to the previous page and using the Joomla! Update package uploader.

I create a page on JDocs thanks to your comments so that people don't panic:
https://docs.joomla.org/J3.x:Update_fails_with_an_error_message
If you want me to add anything on this page, don't hesitate

Going back to the Joomla Update page after this error is fine, however it then asks you to Reinstall Joomla core files.
Assuming you aren't using Akeeba Backup, performing a manual update by installing the update package zip solves this.

Anyone using Akeeba backup will continuously get this error unless they disable the System - Backup on upgrade plugin. @Sandra97, might be an idea to add this to the Docs page

@Sandra97 i have just extend the doc page maybe a native speaker can have a look over my denglish? ;)

@C-Lodder

Reinstall Joomla core files.

This is a new function in 3.6.0 and has nothing todo with this issue here ;)

A security issue requiere now a security token that can never be generated by an older version.
@zero-24 please fix:
requires now a security token that cannot be generated

@zero-24, thanks for the add. I corrected a bit your english, but I'm not English neither ;)

I rewrote it with some more info

Thanks

Thanks all

About running database "Fix"

• it is not enough

If you upgrade from J3.5.x then you will miss all the upgrade SQL statements

• Update
• Insert

(Database "Fix" only checks and run SQL queries that bring the DB schema to be up-to-date)

Thus things that depend on them will not work:

e.g. Install new languages listing will be empty
e.g. Installer will not have its installer plugins enabled (this is fixable with discover, etc)
e.g. Some new update site urls will not be added

So is the current "quick fix" only for updating from 3.6.0 to 3.6.1, or?
@wilsonge, could you comment?
Current changing message via tweets and docs is confusing.

@JacquesR yes. We now force to update from pre 3.6.0 first to 3.6.0 and after that you see 3.6.1 see: joomla/update.joomla.org@3984c9b

Also there is a com_joomlaupdate package out for installation via com_installer

TBH the block against 3.6.1 from 3.5 and earlier only minimizes the damage
(i.e. People not updating extensions before core). Installing the update
component's update first in all cases should result in the update being
applied smoothly.

On Wednesday, August 3, 2016, zero-24 notifications@github.com wrote:

@JacquesR https://github.com/JacquesR yes. We now force to update from
pre 3.6.0 first to 3.6.0 and after that you see 3.6.1 see:
joomla/update.joomla.org@3984c9b
joomla/update.joomla.org@3984c9b

Also there is a com_joomlaupdate package out for installation via
com_installer

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#11426 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAWfoUbrF6VJq86x0ROa960W8zSlrultks5qcSUAgaJpZM4JcItj
.

@mbabker no.

Installing the update
component's update first in all cases should result in the update being
applied smoothly.

3.5.1 -> Update com_joomlaupdate -> Update to 3.6.0 works -> but reinvent the wrong com_joomlaupdate files -> update to 3.6.1 fails.

so we need to limit the install of com_joomlaupdate to 3.6.0 this is the only version it can help.

The intermediary block that was imposed by locking 3.5 and earlier to 3.6.0
is why it breaks. It's an unneeded step for anything newer than 3.3.5.

On Wednesday, August 3, 2016, zero-24 notifications@github.com wrote:

@mbabker https://github.com/mbabker no.

Installing the update
component's update first in all cases should result in the update being
applied smoothly.

3.5.1 -> Update com_joomlaupdate -> Update to 3.6.0 works -> but reinvent
the wrong com_joomlaupdate files -> update to 3.6.1 fails.

so we need ti lomit the install of com_joomlaupdate to 3.6.0 this is the
only version it can help.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#11426 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAWfoevwDaoadsqjkuM8RPGTHyHLXdBaks5qcSZxgaJpZM4JcItj
.

correct. So there are two ways arround:

• allow pre 3.6.0 only to see the 3.6.0 update.
• than allow them to see the com_joomlaupdate update
• than install 3.6.1

OR

• allow all 3.3.5+ to see the update to 3.6.1
• and allow all 3.3.5+ so see the update of com_joomlaupdate
• so they first should apply com_joomlaupdate and than 3.6.1

You cant do option 2 as people will think they can just update joomla first

What are the fixes for those who have already updated to 3.6.1? (without having updated any component beforehand)

it depends from what version

if it is from 3.6.0 then just do the database fix and you will be good

Nothing Jacques. Future updates will be fine and there were no critical
changes for a 3.6.0 to 3.6.1 update that needs the finalise step to
trigger. For earlier updates, it'll be about the same as manually updating
or the update hitting an error before finalization finishes.

On Wednesday, August 3, 2016, Jacques Rentzke notifications@github.com
wrote:

What are the fixes for those who have already updated to 3.6.1?
(without having updated any component beforehand)

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#11426 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAWfocc-xTkAEI4jx2Zr_0nydG1PDPlwks5qcSlYgaJpZM4JcItj
.

Is this comment then wrong or not applicable? #11426 (comment)
(about updating from 3.5.x)

Thanks God, I am not alone, but i am experiencing another strange behaviour after updating to 3.6.1

I had the same error as mentioned above at the end of the uodate process, but after reloading the page all seemed good. Frontend came up as expected and I updated the next site.
When it came to the first offline site, I tried to login after updating but it was not possible (error 0 Failed to start the session: already started by PHP ($_SESSION is set)). No way to login to the frontend. After some time (I guess it was session expiring time) login to the backend wasn't possible either (same error message)
I tried to repair the database with phpmyAdmin but it didn't help. I deleted the records of xxx_session table - nothing

That means I don't have access to all updated sites - PLEASE HELP.
Thank You very much!

I can not replicate the error you got. Please open a new issue so we can keep this thread on topic.

Is this comment then wrong or not applicable? #11426 (comment)
(about updating from 3.5.x)

No. It is correct. You first need to update to 3.6.0 (from any version and this is forced now) --> than apply the com_joomlaupdate Update --> Update with the new com_joomlaupdate to 3.6.1

• Logged in on Joomla 3.6 with Akeeba Backup (backend/admin)
• Extentions - Plugins: Turned "Create backup when update" OFF
• Extentions - Manage - Database - Repair --> Done
• Controlpanel: backup 3.6.1 is available and Joomla! Update Component Update
• Started Update to J3.6.1 Msg: The most recent request was denied because it contained an invalid security token. Please refresh the page and try again.

So switching backup before update OFF doesn't help.

You are missing updating the Joomla Update component in that workflow:

• Logged in on Joomla 3.6 with Akeeba Backup (backend/admin)
• Extentions - Plugins: Turned "Create backup when update" OFF
• Extentions - Update - Update Joomla Update Component
• Control panel: backup 3.6.1 is available and Joomla! Update Component Update
• Update to J3.6.1

Tuscany58: (error 0 Failed to start the session: already started by PHP ($_SESSION is set)). No way to login to the frontend. After some time (I guess it was session expiring time) login to the backend wasn't possible either (same error message)

zero-24: I can not replicate the error you got. Please open a new issue so we can keep this thread on topic.

I cannot replicate it, either
It must be due to a system plugin
that comes with a 3rd party extension, that you have installed in all your websites,

that has some incompatibility

and yes better open new issue !

@zero-24 then my question remains: What is the fix for anyone who already upgraded direct from 3.5.x (or earlier?) to 3.6.1 (without updating the Joomla Update Component first) ?

We don't know yet.

What is the fix for anyone who already upgraded from 3.5.x (or earlier?) to 3.6.1 (without updating the Joomla Update Component first) ?

They're in the same boat as anyone who's done manual updates in the past or tried to update, hit an issue, and the "database fix" routine is all they did to "fix" their update issues. The finalise step of the update component does not run AT ALL. It is in that step where the core database migrations are run and old files are deleted, as well as other things.

@JacquesR

If you upgraded from J3.5.1, and you want to manually run the queries that "Fix" will not run

Here is exactly what do: (place your DB prefix in the queries)
#11156 (comment)

Could the re-install option via joomlaupdate not also work?

I have same error and on multiple websites (all with different configurations) so I do not subscribe to theory of 3rd party plug in. After updating to Joomla 3.6.1 exactly as it was advised. First updating com_joomlaupdate and then after that running Joomla 3.6.1 update. all goes well update is perfect everything good. Then i log out and then next time when I try to log in to back-end I get following error: Failed to start the session: already started by PHP ($_SESSION is set).

So update goes perfectly well I log out all good. But when I try lo log in to back end error. On all 5 websites all different configuration.

@sarsami Please open a separate issue, your issue is NOT related to the one being discussed here.

Sorry, post was adressed to @sarsami
@mbabker : This is exactly the same issue I have on 6 different sites.
Let's open an own thread as suggested above - this is very critical for me.

I will name the thread "No login at all after updating to Joomla 3.6.1"
Go there to document Your issues.

Please refer to this document for the original issue

https://www.joomla.org/announcements/release-news/5666-the-joomla-3-6-1-update.html

And I will close and lock this issue so this document is prominent. if there are any other 3.6.1 upgrade issues outside of the scope of the one reported in this document please open a new issue