One of the most common problems that people have when updating from one version of Joomla to another is when they encounter a cryptic “Invalid login” error that appears on the screen.  The problem arises from a failure in the script ../administrator/components/com_joomlaupdate/restore.php, however, knowing which line(s) of code generate the error message is not enough to answer the question:  “What is this ‘invalid login’ we're talking about?“References:

  ▫  "Invalid login" when attempting to update Joomla 3.4.8 to 3.7.5
  ▫  Error 'Invalid login' when trying to update to 3.9.22
  ▫  Trying to update from 3.9.8 to 3.9.16, error - invalid login
  ▫  Error: Invalid login during Joomla upgrade
  ▫  Invalid login when upgrading
  ▫  ERROR: Invalid login - Joomla 3.9.1 Update
  ▫  Got error Invalid Login with 3.9.26 update
  ▫  Invalid login on update
  ▫  Update to 3.9.23 stops with Error: Invalid login
  ▫  Errors in 2.5.26, 3.2.6, and 3.3.5
  ▫  ERROR: Invalid login
  ▫  ERROR: Invalid login - Joomla 3.9.6
  ▫  Error: Invalid login
  ▫  3.9.19 to 3.9.20: AJAX Loading Error: Invalid login
  ▫  I can't get update Joomla from 3.7 to 3.9, I see error invalid login
  ▫  Invalid Login during update
  ▫  Again - Invalid login Error

“Invalid login” is a kind of catch-all error condition that occurs when something goes wrong during the unpacking of the Joomla update package.  You’re probably scratching your head at this lack of specificity but that’s really all we can say about the error message.  We are able, however, to list a few common causes that contribute to problems when running the Joomla! Update component even if we cannot pinpoint the exact cause in every circumstance.

What causes the “Invalid login” error?

This error is a bit like the inexplicable HTTP 500 Internal Server Errors that we encounter from time to time:  some condition exists that prevents a web server from continuing to execute a procedure.  In the situation we're discussing, we're not talking about an “internal server error”; we’re discussing a situation when the Joomla! Update process is unable to unpack the update file because there is an unhandled authentication problem.  Something went wrong but there is no real clue about what it was.  It may better if the screen dialog was changed from



to

I am not saying that changing the popup message will help people better understand what went wrong but, at least, it doesn’t mention logging-in.  If the message was “better” then maybe people would not be asking as many questions as they do.  It’s not for me to say what the message should or should not say.  I’m just offering one opinion. 

How to fix the error?

I don’t want to seem flippant, but if we knew the answer to this question then I wouldn’t be writing this article.  If you look at the references at the end of this article, there are as many causes (as well as solutions) that contribute to the condition and there does not seem to be one “solution” that solves all of them.  We can say, though, that this matter is a contributing factor to disappointment, disenchantment, disillusionment and frustrations that people have with updating from one version of J! to another.  The more problems that people have, the more frustrated they will become until they eventually tire of continually dealing with these issues and seek a “better” way to build their website(s) which may, unfortunately for the Joomla community, mean that people will abandon Joomla!  We can chart the degree of confidence that people have with a product against the number of problems they have with that product like this:

In other words, the less problems that people have the happier that they are with a product and, conversely, the more problems that people have the less happy they are with a product.

The causes and solutions to the “invalid login” error can be grouped like this:

Since the arrival of J! 3.0.0, there have been one hundred stable releases for J! 3.x.  This does not even include the dozens more releases for J! 2.5, J! 4.x—alphas, betas, release candidates—that have occurred.  Even taking a conservative estimate of the times that I have used Joomla! Update to update, say, ten websites from one version to another, I would guess that I have performed one thousand or more updates.  In all of that time I cannot recall experiencing the “invalid login” error.  I would not attribute this to good fortune; there must be a reason why this does not happen in my case.  Therefore, while I have little or no direct experience with the “invalid login” situation, I attribute my success to paying attention to how I’ve configured my hosting environments and I suggest that people reading this article should also look to how they’ve set things up rather than putting these things down to bad luck.

1. Transient server problems:  not a very scientific explanation but some observers have noted that the error occurs once but disappears when people re-run the update procedure again and the update completes successfully.  We don’t know why this happens—I can’t remember it happening to me—but it’s possible the web server was busy doing something else at the time and was unable to properly handle the request.
   
   
2. Browser-specific problems:  some observershttps://github.com/joomla/joomla-cms/issues/23201 have noted that the error occurs with certain browsers, that is, if the update didn’t work in Google Chrome (for example), switching to Mozilla Firefox resolved the problem.  I have my doubts but, because I mostly use Mozilla Firefox, I haven’t had the problem.  By the same token, I’ve used a variety of different web browsers—Opera, Internet Explorer, MS Edge, Google Chrome, etc. including incognito mode—to try to reproduce the error and I haven’t been able to do that.  It’s possible that some browser extensions may play a part but I cannot confirm any of these theories.
   
   
3. Permissions:  standard UNIX permissions should be adequate for J! websites.  Included in this category of problems is relying on the FTP Layer setting in the Global Configuration.  Many observers have noted that the FTP Layer is unreliable and should not be usedAfter some debate about whether to retain or remove this setting, the decision was made to remove the FTP Layer setting from J! 4.x.. The FTP Layer setting was always intended as a workaround in cases where the webhosting environment did not properly work with UNIX permissions, to overcome file ownership issues (that can be addressed in other ways, e.g. CHOWN).  If the folders and directories are owned by apache:apache (for example) there should be no need for this workaround.  I do not recommend the use of 777 permissions for folders and files; if people have problems with file ownership or permissions and they cannot resolve these themselves, I recommend that they discuss these matters with their webhosting provider or use a different webhost provider.
   
   
4. Timeouts/inadequate PHP quotas:  Joomla! Update requires a stable connection to the internet.  If your internet connection is not working properly, check the internet connection.  The update packages are also quite large (e.g. the current patch package to update from J! 2.5 and previous J! 3.x releases to J! 3.10.8 is nearly 12 Mb; a similar patch kit to update from J! 3.10 and previous 4.x releases to 4.1.2 is nearly 17 Mb).  Therefore, Joomla! Update needs a reliable internet connection to handle the downloads.  Additionally, the server needs to be able to accommodate these large file sizes as well as the length of time needed to execute the instructions that perform the update.  I suggest that people familiarise themselves with my earlier article 10 things you can do today to make certain you can update your Joomla! website.
   
   
5. The “nag factor”:  people become frustrated by the continuing reminders to update Joomla and desperately try any method to stop being hassled.  As we all know, the best way to stop receiving notifications from your J! website about the availability of an update is to actually update your website.  There are other ways to stop feeling hassled (e.g. to disable the System - Joomla! Update Notification plugin) but I do not recommend doing those things.  For one thing:  people forget; for another: people can irretrievably damage their website if they do not use the Joomla! Update component in the way that it has been designed to be used.  Furthermore, if a previous update attempt was unsuccessful—for any reason—and people are unaware of the non-success, the problem can compound; in other words, if a previous attempt was unsuccessful, any future attempts will exacerbate the situation.  If people feel nagged by continuing reminders about updating their J! website(s) then they may need re-think their website maintenance strategy; if you don’t have what it takes to maintain a website it may be an opportunity to give the job to someone else.
   
   Above all else, do not resort to desperate measures such as thinking that your problems will disappear if you simply overwrite your file system with the contents of the latest Joomla installation package.  That’s actually how many of these problems begin!

I don’t have all the answers and I don’t know all the reasons why the “invalid login” error happens and I don’t think anyone does.  I’ve tried to give a brief overview of some of the circumstances that occur and some of the solutions that people have found.  If there was a silver bullet then I’m sure there would be a long queue of people waiting to buy it.  The solution largely rests in your hands and I wish everyone good luck in finding the solution that just right for each person.