Multisite "Cookie nonce is invalid" problem

When I try to save settings for some plugins in network (subdirectory multisite) admin. Messages I get:

Cookie nonce is invalid

from the Application password plugin and…

A nonce security check failed, preventing the request from completing as expected. Please try reloading the page and trying again.

…from iThemes Security.

I did some digging and the problem is wp_verify_nonce() always return false. The cookie token never match the expected token. I have no idea why Wordpress is behaving in this way.

Do someone have an idea of what’s causing this issue? How can I solve this?

I using Bedrock and here is my settings (not including database, saltkeys, WP_ENV, etc.):

define('WP_HOME', 'http://my-local-cms.dev');
define('WP_SITEURL', 'http://my-local-cms.dev/backend');
define('CONTENT_DIR', '/app');

define('ADMIN_COOKIE_PATH', '/');
define('COOKIE_DOMAIN', '');
define('COOKIEPATH', '');
define('SITECOOKIEPATH', '');

define('WP_ALLOW_MULTISITE', true);
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'my-local-cms.dev');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);

Edit note 2017-08-30: Info about it’s a subdirectory multisite install.

I found the problem.

The links to the Network Admin are incorrect. For example, network users have:

http://my-local-cms.dev/wp-admin/network/

It should be (if wordpress core is located in backend/)

http://my-local-cms.dev/backend/wp-admin/network/

If you visit the first link and add /backend/ before wp-admin in the browser, then the network admin will behave correctly.

I posted my fix here: https://wordpress.stackexchange.com/questions/278071/cookie-nonce-is-invalid-multisite/278459#278459

Check this out https://github.com/felixarntz/bedrock/blob/b899d0e84b6ad0044b9b6280ea6329dc5452ac03/web/app/mu-plugins/ms-url-fixer.php

Yes, I have tried that. The problem is this is a subdirectory multisite install. When the plugin is enabled I get urls like:

http://my-local-cms.dev/backend/backend/wp-admin/

And

http://my-local-cms.dev/site1/backend/wp-admin/

I only need to fix URL:s to the network admin, the other URLs are fine.

Edit:

New solution (needs more testing and fine tuning).

public function fix_network_admin_url($path, $scheme) {
    return str_replace('/wp-admin/network', '/backend/wp-admin/network', $path);
}
add_filter('network_admin_url','fix_network_admin_url', 10, 3);