Invalid token errors in Joomla are handled sub-optimally. A white screen appears showing the error:

'Invalid Token'

This does not mean anything to the casual web user; it certainly does not tell anyone how to recover form the error.

Expected result

Instead of an invalid token error, the Joomla/template error page should be loaded with instructions on how to recover

Actual result

White screen: Invalid token

System information (as much as possible)

Jooomla 3.4.5

Additional comments

In order to simulate an invalid token, head to http://yoursjoomla.com/index.php?option=com_users&view=login

Using browser developer tools, explore the login form and at this line:

<input type="hidden" name="21c90b1ad7d44fcdad27ae14eb9d3461" value="1">

delete the contents of 'name', leaving it as "". Without reloading the page enter your username and password. Result: Invalid Token.

My proposal:

In:

/components/com_users/controllers/user.php

Replace line 30:

JSession::checkToken('post') or jexit(JText::_('JINVALID_TOKEN'));

with:

$currenturl = JURI::current();
        JSession::checkToken('post') or jexit(JError::raiseError( 'Woops', 'Something went wrong.<br><br><a href= ' .  $currenturl . '   >Please <span style="text-decoration:underline">click here</span></a> to reload the page you were trying to access and try logging in again' ));

This code will load the error page on invalid token at login events and provide a link to navigate back to the page you were on in order to try again.