You try to post a status update on Mastodon and see the error message “Could not verify authenticity.” This error stops the post from being published and often appears after a network hiccup or session timeout. The cause is a mismatch between the signature your client sends and what the server expects. This article explains why the error occurs and provides the exact steps to fix it so you can post again.
Key Takeaways: Fixing the ‘Could Not Verify Authenticity’ Error on Mastodon
- Refresh the browser window: Clears a stale session token that causes the signature mismatch.
- Clear cookies and site data for the instance domain: Removes corrupted authentication tokens stored by the browser.
- Log out and log back in: Forces the server to issue a fresh authentication token and signature key.
Why Mastodon Rejects Your Status Update With ‘Could Not Verify Authenticity’
Mastodon uses a cryptographic signature to verify that a status update request comes from the authenticated user. When you log in, the server sends a session token and a signature key. Your browser or client uses this key to sign every request. If the token expires or the key becomes stale, the server cannot match the signature it receives against the one it expects. The server then returns the “Could not verify authenticity” error and discards the post.
This error commonly occurs after one of these events:
- The browser tab was left open for several hours or overnight.
- The Mastodon server restarted or updated its authentication system.
- Multiple tabs or devices are using the same session token.
- A browser extension blocks or modifies the request headers.
The error is not a problem with your account or the content of your post. It is a temporary authentication mismatch that can be resolved without contacting the server administrator.
Steps to Resolve the ‘Could Not Verify Authenticity’ Error
Follow these steps in order. Test your status update after each step. If the error persists, move to the next step.
- Refresh the browser tab
Press F5 or Ctrl+R on Windows, or Cmd+R on Mac. This reloads the page and requests a fresh session token from the server. Try posting the status update again. - Clear cookies and site data for the instance domain
Open your browser settings. Find the privacy or security section. Locate the option to clear cookies and site data for specific sites. Enter your Mastodon instance domain, such as mastodon.social or your own custom domain. Remove only the data for that domain. Reload the Mastodon page and log in again. - Log out and log back in
Click the gear icon in Mastodon to open Preferences. Scroll to the bottom of the left sidebar and click Log out. After logging out, close all tabs for that Mastodon instance. Open a new tab, navigate to your instance, and log in with your email and password. This forces the server to issue a completely new authentication token and signature key. - Disable browser extensions temporarily
Extensions that modify HTTP headers, block tracking scripts, or manage cookies can interfere with Mastodon’s authentication. Open your browser’s extension manager. Disable all extensions. Reload Mastodon and try posting. If the error stops, re-enable extensions one by one to identify the culprit. - Try a different browser or private window
Open a private or incognito window. Navigate to your Mastodon instance and log in. This bypasses any cached data from your normal browsing session. If the error does not appear in the private window, the cause is likely corrupted data in your regular browser profile. - Use the official Mastodon mobile app
Install the official Mastodon app on your phone or tablet. Log in to your account. Try posting the same status update. If the app posts successfully, the problem is confined to your desktop browser. Reinstall or reset the browser as a final step.
When the Error Keeps Returning After the Main Fix
Error reappears after a few minutes
If the error returns shortly after logging back in, your session token may be set to expire very quickly. This can happen if the server administrator configured a short session lifetime. Contact your instance admin and ask them to check the session timeout setting in the Mastodon configuration file. The default timeout is 24 hours.
Error occurs only on one specific post
If you can post other status updates but not a particular one, the post content may be triggering a server-side validation failure. Remove any special characters, excessively long URLs, or unusual Unicode symbols from the post. Try posting the content in a new draft without attachments.
Error appears on all devices and browsers
If the error affects every client, the problem is server-side. The Mastodon server may have a corrupted authentication module or a misconfigured reverse proxy. Contact your instance administrator and provide the exact error message and the time it started. The admin can check the server logs for authentication errors and restart the Mastodon services.
Browser vs App: Where the Error Appears
| Item | Web Browser | Mastodon Mobile App |
|---|---|---|
| Common cause | Stale session cookie or browser extension interference | Expired OAuth token or network proxy issue |
| Fix method | Clear cookies, log out, refresh page | Force close app, clear app cache, re-login |
| Frequency | More common after long idle periods | Less common, usually after app update |
| Data loss risk | Low — unsaved draft may be lost if not saved | Low — app usually saves draft locally |
After completing the steps above, you should be able to post status updates again without seeing the authenticity error. The fix is almost always on the client side. If the error persists on every device and browser, ask your instance administrator to review the server authentication settings. As a preventive measure, log out of Mastodon when you finish a session and avoid leaving the page open for more than 24 hours.