This is just a quick little note to suggest two ways to solve the problem that you cannot log in to your Magento admin interface after a fresh install of Magento.
The Problem
The problem will manifest itself as a redirect back to the login screen, even though you typed the right username and password. If this problem is affecting you, you will be redirected back and see no error message. This indicates you have the right credentials, but the Magento Admin is just not letting you in. You can verify it by typing the wrong username and password, you’ll see you get redirected back and it shows an error message.
The problem occurs because the Magento backend tries to set a cookie on your browser, and then for some reason when you next make a request, the cookie is gone(or was never there). This makes Magento think you have never logged in, and of course it redirects you to the login screen. So the real guts of it is the missing cookie, we need to find out why it’s missing.
There are two three solutions (Update: now with bonus 3rd solution) I have come across that will solve this, there may be others too, so please feel free to post them below. Both of these solutions have been suggested in the comments of my post on Setting up Apache Virtual Hosting.
Solution 1: Domain Name with no dots
This is the most common solution, if you have set up Magento to run locally (on MAMP for example) then you may be accessing the Apache webserver using the localhost hostname. A security setting in browsers means that the cookie will not be set, though apparently in FF3 at least, this behavior is a bug?.
So simply stop using localhost, you can use your localhost interface (e.g. 127.0.0.1 or 127.0.1.1). To determine your localhost interface you can look at the contents of your hosts file:
# Look for the number to the left of localhost cat /etc/hosts |
or your interface configuration.
# Look for interface loX with the LOOPBACK flag (probably lo0) ifconfig |
Once you know which number to use, you can replace localhost with the number. If you have already installed Magento using localhost then it will keep writing out links to localhost, even after you have changed to using the IP address, you will need to change the base_url values in the core_config_data table, you can run a query like this to find the right config values to change:
SELECT * FROM core_config_data WHERE VALUE LIKE "%localhost%"; |
This should identfy two config values that will need to update with a query like:
UPDATE core_config_data SET VALUE="http://127.0.0.1/" WHERE path IN ('web/unsecure/base_url','web/secure/base_url') ; |
I’m going to assume you know to put the right value into that query, and not use the example one I have provided!
After changing that value you should delete your var/cache contents, and then refresh the page. Now you should have Magento running on an IP address, not a hostname with no dots in it. Of course you could always set up a fake domain name like www.testing.com by using a Virtual Hosting setup like I describe in my post on how to configure a MAMP Virtual host.
Solution 2: Timezone differences between server and client
One other, less likely problem, is that the cookie is being set, but expiring immediately. To check this you can inspect the cookies your browser is holding, and check if there is one there from Magento. If there is then check both the timezone your magento installation is using , and the one you have set locally, perhaps your local time is not set properly?
Solution 3: Cookie domain does not match server domain
This caught me out when I was replicating a remote site on my local mac development environment. I thought it’d be worth adding this solution here, seeing as this post still seems to rank well for Magento install problems. I had changed the base URLs but had forgotten to check the core_config_data table for any other Magento configuration data that might have been interfering with cookies. The config path in question is: web/cookie/cookie_domain.
You can check the table with an SQL command like this – you should be on the look out for config values that have hard coded the old URL:
SELECT * FROM core_config_data WHERE VALUE LIKE "%domain.com%"; -- Be on the look out for something like this: | 513 | DEFAULT | 0 | web/cookie/cookie_domain | DOMAIN.com | |
And update it to an empty string (less secure) or the new actual domain (more secure) as shown below:
UPDATE core_config_data SET VALUE = "" WHERE config_id = 513; -- or UPDATE core_config_data SET VALUE = "domain.com" WHERE config_id = 513; |
But wait, there’s more….
Thanks to Kristof aka Fooman for this gem:
@aschroder @philwinkle one more is if you have multiple cookies that are valid: .example.com on http://t.co/756vQClu8B
— Fooman (@foomanNZ) July 1, 2014
Th solution here is to clear all your cookies related to the store domains and subdomains.
And yet still more possible issues, this time from Mauro Spivak:
@aschroder @philwinkle I found another one: Session store method (local.xml, session_save) was memcache and it wasn't installed.
— Mauro Spivak (@maurospivak) July 11, 2014
This is an example of the more general issue that sessions are not able to be created. That could be because local.xml is instructing Magento to store them in a non-exsistent location such as in Maruo’s example – or may also be caused by permission issues on the filesystem when storing sessions in var/session. I’d suggest checking there is a session matching the session ID for your cookie to see if this issue is affecting you.
Hopefully one of these two three four solutions will get you back on track and able to log in to your newly installed Magento. Feel free to post problems or suggest other solutions in the comments below. I’m always more than happy to update my posts with helpful tips from readers.
Just wanted to say your information on magento is a huge help. There aren’t many places that document it and I just wanted to say thanks! No need to reply, just smile and know that you and your site rock!
I totally agree with Dan you information is great saved me a third reinstall
You rock !
Just wanted to say thanks. All I had to do was drop “localhost” and use my local IP.
Just wanna say thank you. That was really easy solution
But I have this Problem also on a Webserver. This entries are set by my Domain in the database. I don’t know how to fix it. Any suggestions?
Hi, thanks for commenting, you mean the cookie is not being set, or your domain name has no dots in it?
There is no reason that Magento can’t set cookies on a local host with no dots in it. This is a bug in Magento. I do 100% of my development on various local hosts with no dots in them, and I can set cookies in them just fine. What’s going on here?
Hi, Ryan
Thanks for the feedback, I’m not sure what the answer is. I do know when I was investigating, the problem seemed browser dependent, and that the actual HTTP response coming back from Magento, appeared totally valid to me (i.e it was setting the cookie properly). The bug I found reported for FF3 (link in the post) seemed to make it seem a browser problem, maybe you luckily do 100% of your development in a browser that does not have this problem? Is this problem affecting you now only on Magento where it has not in the past?
I was just re-reading the bug report, it looks like it may even be FF3 + Ubuntu, where the problem is – so it may be less of a problem to most users. I’d be keen to hear feedback on that.
This really helped. Thanks for sharing
After last upgrade magento, I have big problem with cookies, anybody have a solution?
Can you describe the symptoms? What isn’t working?
I reported the bug at https://edge.launchpad.net/ubuntu/+source/firefox-3.0/+bug/325266
According to my findings it is due combination of PHP’s setcookie() call with the domain set AND the browser. Not only Firefox but Google Chrome is also affected, but not Opera (all under Ubuntu 9.04).
Even if Firefox/Chrome somehow gets fixed in the future, it’d already be affecting many users. I think Magento should fix its setcookie() call and save all of us the trouble.
I read somewhere that it was in an RFC that cookies only get set for FQDN’s and not just hostnames. With localhost being a hostname, that could be why localhost cookies do not work. I’m not sure of an RFC # though to confirm that, anyone got any clues?
Further to that, setcookie() would just be telling the response to include a Cookie header – so nothing to fix there. It’s the fact the browser is not actually carrying out what it’s told to in the headers. I’m just not sure if that is a bug, or a security feature. Some vague reference to an RFC reckoned the latter.
Here’s a solution i found really working. For those who want to try something else, this might be worth it. Check this site: http://markuzweb.blogspot.com/
I already checked the site. It did solve the issue. Works great when you’re developing themes for Magento or building apps for it. Here’s how you get there directly: http://markuzweb.blogspot.com/2009/08/cant-login-to-magento-admin-panel-after.html
I found the article that can solve the problem..
http://markuzweb.blogspot.com/2009/08/cant-login-to-magento-admin-panel-after.html#comment-form
http://markuzweb.blogspot.com/2009/08/cant-login-to-magento-admin-panel-after.html#comment-form
thanks for helping solve my problem! the admin panel login was not going through after upgrade to 1.7. When i checked the cookies, found that cookies were not getting set at all.. all was fine when the cookie domain was reset in the core_config table to blank instead of the earlier .domain.com
Hi all, i also have the same login problem once after installation of magento in locahost, but if you use opera browser you may not face this login problem.
Thanks for the info…
Thanks for the great help. you rock
Instead commenting all those line of codes which make it pretty unsecured when used in a production environment, why not detect the domain if its localhost and disable it, then restore usual function when it’s not.
This is how I did it:
http://mysillypointofview.wordpress.com/2010/03/24/how-to-fix-magentos-admin-login-failing-no-error-message-on-localhost/
Hi
I know this question of mine is irrelevant to this forum, but its kind of a similar cookie problem, not on the admin side of magento though, but on the frontend. When I login to the frontend I am redirected to the enable-cookies page, even though cookies are enabled on my browsers ( FF & IE ). This is intermittent. I mean this doesn’t happen every time i login. After that when I click on the home page link or any other page it works fine ( without having to do anything on the browser settings ).
So if someone can help me, that would be great
I use magento 1.3.2.4 & both ubuntu and windows machines as clients & windows (localhost ) & ubuntu (production ) as server
Thanks
Anisha
I am using Magento 1.3.2.3..I am not able to login using front end in any case..i am sucessfully able to login to admin…i changed cookie to 10000 and tried everything but no luck until now???any help will be appreciated?
Hi, You mean you can login to the Magento admin, but if you try to log in as a customer it won’t let you? Very strange, have you tripple checked your login details? Have you tested with purposefully wrong credentials to make sure you get a different error?
No error messages at login, which may mean USER and PASSWORD are correct.
How do I check the timezone my magento installation is using? I do not have access as amin.
Thanks
Try installing firebug (a must have firefox extension) then looking at the Date headers in the ‘Net’ tab. Otherwise, I’m not sure what’s best. Maybe you could write a php script to echo the date?
Hi there,
I am using this simple procedure under Windows7:
1. install XAMPP and enable “iconv”
2. edit the file “hosts” to this: 127.0.0.1 localhost.com
3. copy the magento files to the directory: C:\xampp\htdcs\magento\
4. start the Apache and MySQL
5. Go to the address: http://localhost.com/magento
6. Follow the installation wizard.
7. Now You will be able login to the administration.
ENJOY!
=D
I am having the same problem as Jaso! I can login to the admin just fine, and I stay logged in. I cannot log in as a customer at all. If I enter the correct credentials I go nowhere, if I enter incorrect credentials I am given error messages, which is what you describe at the beginning. I’m confused about the localhost. I am on dreamhost and they run everything from your domain, so on install I changed “localhost” to be my domain name.
hey,
this is for people using ‘localhost’. Instead of using ‘localhost’ use 127.0.0.1 or what ever in your case during the magento installation and while accessing it everywhere and dont forget to tick mark the ‘[somthing]rewrite option of the three options during the installation… This worked for me…
hope it helps..
oo! and yes! dont forget to replace localhost with 127.0.0.1 or whatever in your case in the address bar while installing :p
I am having issues logging in to my Admin panel – I uploaded Magento to my Media Temple server and was able to create an admin account the first time.
Upon returning to domain.com/magento/index.php/admin I receive a 404 error. Any suggestions on how I can access my Admin account? Also, should I be configuring locally rather online through my mt server? (I am admittedly new to e-commerce/carts)
Thanks so much for your help.
Tim
Hi, Tim
Are you 100% sure you have the right URL? If so, then it’s quite strange to be getting a 404. Are you getting a Magento 404 or a default Apache 404? perhaps send me a screenshot?
Hi,
I want to say thanks, because here my many problems are solved without efforts.
Thanks so much for your help.
vipin
I just got this to work form your tips here. Thank you very much. I had to set the sever time and extend te cookie time ad that worked. Not sure why the server time alone didn’t fix the problem but I just extended the cookie as you suggested to a full day.
Thanks again,
Mike
I was running Magento in a Linux VirtualBox and both IE8 and FF were giving me problems with not sending the issued cookie (and so a new session was created with each request). Safari for Mac and Windows were working fine though. I was using a DNS like “dev-magento” and adding it to my hosts file. Adding a domain (dev-magento.local) fixed the problem!
Thanks for the writeup! I hate how something that trivial cost me nearly a day of pulling my hair out.
Phew. Thank you. The ol’ cookie domain
Hi Guys,
I was also having the similar problem of first login after successful installation of Magento.
Check this link… it really helped me in solving this.
http://mysillypointofview.richardferaro.com/2010/03/24/how-to-fix-magentos-admin-login-failing-no-error-message-on-localhost/
Note : Editing the core file is not recommended, but you can try this since it works
Tried all the above but no joy. Found this solution that worked for me at:
http://net.tutsplus.com/articles/news/easy-e-commerce-with-magento/
In your Magento folder go to app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
Find the session_set_cookie_params code block (Line 78) and replace it with this code:
session_set_cookie_params(
$this->getCookie()->getLifetime(),
$this->getCookie()->getPath()
//$this->getCookie()->getDomain(),
//$this->getCookie()->isSecure(),
//$this->getCookie()->getHttponly()
);
On a proper webhost you do not need to do this! However as we are working on localhost we need to do this to address an cookie issue.
Happy days!!!
Same problem as the others. Using MAMP. Resolved problem by simply creating a regular user using the Magento login page. Then, go into the database, look for table named customer_entity_varchar. Copy the entry that’s in the value field on row 3. Paste that into the password field in the table admin_user. Done. When you go back to the admin login page, simply use your admin password and the password that you assigned to the regular user you created. Magento should accept these and let you into the back-end.
Hello,
Unfortunately none of those methods worked. As for the web/cookie/cookie_domain
I do not even have that in the database.
The root cause of the problem is an inherent bug with Magento overriding and hard coding it to UTC time zone. The fix is rather easy, no coding required, just a little math. This fix worked immediately for us.
http://www.yireo.com/blog/1296-windows-7-google-chrome-magento-admin-cookie-problem
I sincerely hope Magento gets this fixed, what a waste of time, no pun intended.
Hello Sir I am doing magento changes and there is an problems of redirecting I have added new module in magento admin if I am inserting mysql from controller like
if(isset($_REQUEST[‘submitformimage’]))
{}
and after that is not going on the module page come on the admin home page
Please suggest me well.
Thanks
GoDaddy updated their server with the newest version of Apache in mid Oct. With that in mind Magento wont allow me to login and when I try to retrieve a new password, I use it and it wont let me in the front end either. How can I fix this issue.
For me, this fixed it:
http://www.redbridgenet.com/magento/cannot-login-to-frontend-with-explorer-on-magento-store/
Just one note regarding dots in the domain. No dots at all doesn’t work, as you wrote, but having 4 dots or more doesn’t work either. We had that on a development server. Now changing subdomains…
I’m working in webserver and for me this solved the bug:
http://beanofjava.blogspot.com/2010/05/unable-to-login-into-customer-account.html
But I don’t know if there is some colateral effect changing the code.
You need to clean cookies and after that and changing the code like said in this link, it seems like works.
Just one thing, he said change “inMage.php” he meant “in the file Mage.php” for me that am not developer I did had a time to figure it out.
Great help. I installed Magento with Bitnami stack on my local machine. Your solution #1 worked for me. Thanks!