This is just a quick little note to suggest two ways to solve the problem that you cannot log in to your Magento admin interface after a fresh install of Magento.
The Problem
The problem will manifest itself as a redirect back to the login screen, even though you typed the right username and password. If this problem is affecting you, you will be redirected back and see no error message. This indicates you have the right credentials, but the Magento Admin is just not letting you in. You can verify it by typing the wrong username and password, you’ll see you get redirected back and it shows an error message.
The problem occurs because the Magento backend tries to set a cookie on your browser, and then for some reason when you next make a request, the cookie is gone(or was never there). This makes Magento think you have never logged in, and of course it redirects you to the login screen. So the real guts of it is the missing cookie, we need to find out why it’s missing.
There are two three solutions (Update: now with bonus 3rd solution) I have come across that will solve this, there may be others too, so please feel free to post them below. Both of these solutions have been suggested in the comments of my post on Setting up Apache Virtual Hosting.
Solution 1: Domain Name with no dots
This is the most common solution, if you have set up Magento to run locally (on MAMP for example) then you may be accessing the Apache webserver using the localhost hostname. A security setting in browsers means that the cookie will not be set, though apparently in FF3 at least, this behavior is a bug?.
So simply stop using localhost, you can use your localhost interface (e.g. 127.0.0.1 or 127.0.1.1). To determine your localhost interface you can look at the contents of your hosts file:
# Look for the number to the left of localhost cat /etc/hosts |
or your interface configuration.
# Look for interface loX with the LOOPBACK flag (probably lo0) ifconfig |
Once you know which number to use, you can replace localhost with the number. If you have already installed Magento using localhost then it will keep writing out links to localhost, even after you have changed to using the IP address, you will need to change the base_url values in the core_config_data table, you can run a query like this to find the right config values to change:
SELECT * FROM core_config_data WHERE VALUE LIKE "%localhost%"; |
This should identfy two config values that will need to update with a query like:
UPDATE core_config_data SET VALUE="http://127.0.0.1/" WHERE path IN ('web/unsecure/base_url','web/secure/base_url') ; |
I’m going to assume you know to put the right value into that query, and not use the example one I have provided!
After changing that value you should delete your var/cache contents, and then refresh the page. Now you should have Magento running on an IP address, not a hostname with no dots in it. Of course you could always set up a fake domain name like www.testing.com by using a Virtual Hosting setup like I describe in my post on how to configure a MAMP Virtual host.
Solution 2: Timezone differences between server and client
One other, less likely problem, is that the cookie is being set, but expiring immediately. To check this you can inspect the cookies your browser is holding, and check if there is one there from Magento. If there is then check both the timezone your magento installation is using , and the one you have set locally, perhaps your local time is not set properly?
Solution 3: Cookie domain does not match server domain
This caught me out when I was replicating a remote site on my local mac development environment. I thought it’d be worth adding this solution here, seeing as this post still seems to rank well for Magento install problems. I had changed the base URLs but had forgotten to check the core_config_data table for any other Magento configuration data that might have been interfering with cookies. The config path in question is: web/cookie/cookie_domain.
You can check the table with an SQL command like this – you should be on the look out for config values that have hard coded the old URL:
SELECT * FROM core_config_data WHERE VALUE LIKE "%domain.com%"; -- Be on the look out for something like this: | 513 | DEFAULT | 0 | web/cookie/cookie_domain | DOMAIN.com | |
And update it to an empty string (less secure) or the new actual domain (more secure) as shown below:
UPDATE core_config_data SET VALUE = "" WHERE config_id = 513; -- or UPDATE core_config_data SET VALUE = "domain.com" WHERE config_id = 513; |
But wait, there’s more….
Thanks to Kristof aka Fooman for this gem:
@aschroder @philwinkle one more is if you have multiple cookies that are valid: .example.com on http://t.co/756vQClu8B
— Fooman (@foomanNZ) July 1, 2014
Th solution here is to clear all your cookies related to the store domains and subdomains.
And yet still more possible issues, this time from Mauro Spivak:
@aschroder @philwinkle I found another one: Session store method (local.xml, session_save) was memcache and it wasn't installed.
— Mauro Spivak (@maurospivak) July 11, 2014
This is an example of the more general issue that sessions are not able to be created. That could be because local.xml is instructing Magento to store them in a non-exsistent location such as in Maruo’s example – or may also be caused by permission issues on the filesystem when storing sessions in var/session. I’d suggest checking there is a session matching the session ID for your cookie to see if this issue is affecting you.
Hopefully one of these two three four solutions will get you back on track and able to log in to your newly installed Magento. Feel free to post problems or suggest other solutions in the comments below. I’m always more than happy to update my posts with helpful tips from readers.
I am running magento 1.6.2. I have migrated my site from a development domain to the live domain – both domains reside on the same server. In summary, the steps I performed were as follow:-
1. I ftp-ed my entire magento folder from the development domain to the root of the live domain
2. Recursively chmoded all directory permissions on the live domain to 755
3. Recursively chmoded all file permissions to 644
4. Dumped the development mysql database and uploaded it to a new database connected with the live domain
5. Changed all Unsecure and Secure Base url references to the live domain
6. Edited the live domain app/etc/local.xml to point to the new database
7. Truncated the core_session table in the live db
8. Flushed magento/var/cache on the live domain
9. Updated the index.php and .htaccess files in the magento folder on the live domain with the necessary live domain/store details.
When I now load my home page on the live domain (http://.com/magento/index.php) I am redirected to the home page on the development domain instead of the live domain. When I now load my live admin login page (http://.com/magento/index.php/admin> I am also redirected to the frontend home page on the development domain.
The really weird thing is that I completed the migration yesterday and, in the endless attempts I have made since then to identify the issue on two separate occasions, and without making any changes to configuration settings, when I requested my home page on the live domain the live domain home page successfully loaded and on two separate occasions when I requested my live admin login page it also successfully loaded and I was able to login to the live magento backend. This suggests that my live configuration settings are indeed correct and that there may be some stubborn obscure cache or session data at the root of the issue.
Is there anybody who can tell me the likely cause of this behaviour and how I resolve this issue?
Thanks for the solution to this problem…was actually thinking it was a problem from the magento code; well, seems not.
Thanks, great help!
really thanks for the information
Got the same problem/headache and I hardcoded the situation like this
Open this file
/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
Make a backup of the file first, just in case..
Look for this lines o code
// set session cookie params
session_set_cookie_params(
$this->getCookie()->getLifetime(),
$this->getCookie()->getPath(),
$this->getCookie()->getDomain(),
$this->getCookie()->isSecure(),
$this->getCookie()->getHttponly()
);
and make this changes:
// set session cookie params
session_set_cookie_params(
$this->getCookie()->getLifetime(),
$this->getCookie()->getPath()//,
//$this->getCookie()->getDomain(),
//$this->getCookie()->isSecure(),
//$this->getCookie()->getHttponly()
);
Remember to put it back as original when is in production…
Solution 3 was what I needed! Thanks Ashley, your work is always helpful!
Awesome post! Thanks for the help.
i also have same issue
after i go to this url http://www.gingerlily.fr/test/ fronted cookie change to http://www.gingerlily.fr.
all the images and other resourced loaded from root site can anyone help me.. thanks
Hi Ashley – you saved the day … an incorrect Cookie Path caused my system to be inacessible… can now get back in the admin! Thanks for the post!
Allan
Juan Fach your comment really help me!
thanks great work and thanks for sharing
Juan Fach: thanks…….you solved my problem.:)
Hi Ashley
I was soo relieved to find your post on the cookies issues with Magento. I am just trying to get an installation up and running, and cookies are definately not working – that being said, I have tried everything I can think of to straighten it out, and still no luck. Even your great writeup here did not solve the problem. Is there any way you can help???
Doh! turns out it was a system time problem after all.
Thanks for the excellent info you have here. :-]
Thanks! domain whith dots work for me!
localhost or fridakalo not work
localhost.com or fridakalo.com yes work.
regards!