I am having a problem with 2.4 on a user site (i.e. development url is http://ip-number/~username/).

Steps to recreate:

1) edit a page in cms
2) save and publish
3) click "Published Site" in cms to view the page
4) back in the cms, try to update a page. save and publish just spins, and I am asked to login again.

I am unable to edit and a javascript alert comes up saying "please login and then try again".

If I don't view the site by clicking on the "Published Site" link, I can make changes, save them, and view in a separate window in the browser.

I have some more information about this. Looking at the firebug output, I'm getting the following message in the response when I try to save a page in the admin section: SecurityID doesn't match, possible CSRF attack.

Any ideas?

this might help, I am having the same problem, and it didn't help me, but give it a whirl. You never know.

http://silverstripe.org/installing-silverstripe/show/285523#post285523

Form::disable_all_security_tokens();

to _config.php

The issue I was having was a session problem from the hosting provider. You can control your own sessions by adding the following to the bottom of your .htaccess:

php_value session.gc_probability 1
php_value session.gc_divisor 100
php_value session.gc_maxlifetime 3600
php_value session.save_path /mnt/stor1/123456/example.com/web/sessions

my session save path is outside my content folder that holds the web files, so it can't be accessed from the www.

Here is a link explaining the above.
http://cloudsites.rackspacecloud.com/index.php/Why_are_my_PHP_sessions_not_working%3F

Please do not disable all security tokens. This exposes your entire site to CSRF attacks.