Admin Login Loop of Death

[royaldave]

Hi

Essentially I have a fresh install of 1.5.6c with my upgraded database. No changes have otherwise been made.

BTW This is on my ubuntu box at home - not a live server.

I am getting the old 'admin login loop' where I can't login to admin - it simply refreshes the admin login screen everytime.

I've tried it with ssl off, ssl on - but I cannot get around it.

Has anyone got any suggestions - banging my head against the wall on this one.

[mc12345678]

Clearing cache/cookies has been reported to possibly work or Ctrl-F5, then another has been to use the credential reset: https://www.zen-cart.com/content.php?44

[royaldave]

Hi

I've tried logging in from 2 different PCs and my phone - so not a browser issue.

The credential reset doesn't work as it doesn't matter what login I type in - it never actually checks the password - it simply redisplays the login screen. Surely it has to be some config issue with my server - I just have no idea where to start.

[mc12345678]

So when you were doing this upgrade. A big assumption is that the following FAQ was used: http://www.zen-cart.com/entry.php?3-...d-of-upgrading

If used, then one of the tests would have been to login to a truly fresh install. As such, if it worked but the imported database didn't, seems like at least part of the issue would be identified (or at least part of what is likely not associated is).

Other things some have done, upload a new copy of the admin folder to be sure that only files associated with this version's admin folder are associated and not potential remnants of other programs.

Delete all admin users and force renumbering of the admin user ID to a value of 1 for the first record and potentially the same for admin profiles...

Could be session related such as attempting to access the catalog as a customer to see if able to login and/or create an account...

[swguy]

Did you check the /logs folder for error files?

[lat9]

That admin login-loop is indicative of a session-related issue. My guess is that the Zen Cart is processing your login request, but when it comes time to store that session cookie ... it falls into the ether and, since there's no $_SESSION['admin_id'] available, the login screen is re-displayed.

Check (and re-check) your Ubuntu site's /admin/includes/configure.php (as well as the storefront /includes/configure.php). If SSL is enabled in those configure.php files, does your Ubuntu site have SSL configured?

[royaldave]

thanks all for your responses.

To eliminate my database being the issue I did a fresh install and attempted to work with demo data - still having same issue.

There is nothing getting written to log files.

I cannot login to catalog either - keeps saying session expired. This happens even when I try to login with a non-existant login.

ssl is installed - however I tried turning it off in configure.php and it doesn't work then either.

thanks - hopes this narrows it down.

[royaldave]

AAARRGHGGH!!!

php.ini

session.use_cookies = on

[davewest]

AAARRGHGGH!!!

php.ini

session.use_cookies = on

PHP7.3.8 Ubuntu 18.04.3 LTS

Code:

; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies=1

; http://php.net/session.cookie-secure
;session.cookie_secure =

; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combatting
; session hijacking when not specifying and managing your own session id. It is
; not the end all be all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies=1

; Name of the session (used as cookie name).
; http://php.net/session.name
session.name=PHPSESSID

; Initialize session on request startup.
; http://php.net/session.auto-start
session.auto_start=0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime=0

; The path for which the cookie is valid.
; http://php.net/session.cookie-path
session.cookie_path=/

[royaldave]

Thanks, basically cookies was set to 0 and as soon as I adjusted that all working....

PHP7.3.8 Ubuntu 18.04.3 LTS

Code:

; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies=1

; http://php.net/session.cookie-secure
;session.cookie_secure =

; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combatting
; session hijacking when not specifying and managing your own session id. It is
; not the end all be all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies=1

; Name of the session (used as cookie name).
; http://php.net/session.name
session.name=PHPSESSID

; Initialize session on request startup.
; http://php.net/session.auto-start
session.auto_start=0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime=0

; The path for which the cookie is valid.
; http://php.net/session.cookie-path
session.cookie_path=/