This article was created in partnership with Ktree. Thank you for supporting the partners who make SitePoint possible.
This article looks at how Magento cookies can create issues with the login functionality of both the customer-facing front-end and the admin back-end, why this happens, and how it can be resolved.
This is also known as the looping issue, because the screen redirects to the same screen even though the username and password are correct.
A script is provided at the end of the article that can help detect a few of these issues. Feel free to use and modify it as per your needs.

What is a Cookie?
A session is an array variable on the server side, which stores information to be used across different pages. For example, items added to the cart are typically saved in sessions, and when the user browses the checkout page they are read from the session.
Sessions are identified by a unique ID. Its name changes depending on the programming language; in PHP it is called a 'PHP Session ID'. As you might have guessed, the same PHP Session ID has to be stored as a cookie in the client browser so that the two can be related.

Magento's storage of sessions
Magento can store sessions via multiple session providers, and this is configured in the Magento config file at app/etc/local.xml. The following session providers can be chosen.

File
```xml
<session_save><![CDATA[files]]></session_save>
<session_save_path><![CDATA[/tmp/session]]></session_save_path>
```

Database
Allowing sessions to be stored in the database is done in /app/etc/local.xml by adding <session_save><![CDATA[db]]></session_save>.
Magento stores these sessions in the core_session table.

Redis
```xml
<session_save>db</session_save>
<redis_session>
    <host>127.0.0.1</host>
    <port>6379</port>
</redis_session>
```

MemCache
```xml
<session_save><![CDATA[memcache]]></session_save>
<session_save_path><![CDATA[tcp://localhost:11211?persistent=1&weight=2&timeout=10&retry_interval=10]]></session_save_path>
```

Magento usage
Magento uses two different cookies named 'frontend' and 'adminhtml'. The first is created when any page is browsed, and the same cookie is updated whenever the customer logs in. The second is created when a backend user logs in. You can check whether the cookies have been created by clicking Inspect Element > Application in Chrome.
Cookies are configured in Magento via the Configuration admin menu: System > Configuration > General > Web.

Problem: Login Fails & Redirects to Login Page
If you haven't experienced this problem, then you haven't worked with Magento long enough!
This is how it typically happens: when you log in by entering your username and password, you are redirected to the same login page and URL, and a nonce id is appended to the URL in your browser. This happens for both the customer front-end and the Magento back-end login.
Let's look at a few reasons why this happens, and how to resolve these issues.

Reason #1: Cookie domain does not match server domain
Let's say your Magento site is example.com and the cookie domain in Magento is configured as xyz.com.
In this scenario both Magento cookies will be set with a domain value of xyz.com, but for validating the session Magento will consider the domain through which the site was accessed, in this case example.com. Since it won't be able to find an active session with the example.com domain value, it will redirect the user to the login page even when valid credentials are provided.
After login or logout, the Magento system will regenerate the session using the following script:
```php
public function renewSession()
{
    $this->getCookie()->delete($this->getSessionName());
    $this->regenerateSessionId();

    $sessionHosts = $this->getSessionHosts();
    $currentCookieDomain = $this->getCookie()->getDomain();
    if (is_array($sessionHosts)) {
        foreach (array_keys($sessionHosts) as $host) {
            // Delete cookies with the same name for parent domains
            if (strpos($currentCookieDomain, $host) > 0) {
                $this->getCookie()->delete($this->getSessionName(), null, $host);
            }
        }
    }

    return $this;
}
```
app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
Magento will validate the session for every request with the following method:
```php
public function init($namespace, $sessionName=null)
{
    if (!isset($_SESSION)) {
        $this->start($sessionName);
    }
    if (!isset($_SESSION[$namespace])) {
        $_SESSION[$namespace] = array();
    }

    $this->_data = &$_SESSION[$namespace];

    $this->validate();
    $this->revalidateCookie();

    return $this;
}
```
You will typically see this when you migrate your Magento instance from one domain to another, for example from Production to Staging, and forget to change the cookie domain.
Note: you can run the provided cookieTest.php script, which shows what the server cookie domain is and what is set in the Magento config.
Change the Cookie Domain via the Configuration admin menu. Go to System > Configuration > General > Web.
Alternatively, you can change this by running these SQL queries.
To validate the cookie domain, use this select query to get the configuration:
```sql
SELECT * FROM core_config_data WHERE path = 'web/cookie/cookie_domain';
```
After executing this query, we get the results. Verify that the 'value' column is the same as your domain. Update the value if it is not the same as your domain.
To update the cookie domain, use this query:
```sql
UPDATE core_config_data SET value = 'domain.com' WHERE path = 'web/cookie/cookie_domain';
```

Reason #2: Multiple subdomains used and Magento's cookie configuration is incorrect
Let's say your site is example.com. Logging into example.com/admin works fine.
But on your staging/QA site, for example staging.example.com/admin, you are unable to log in without deleting all cookies. The system may allow logins to staging.example.com, but when we log in again to example.com/admin, the next click on staging.example.com kicks you back to the login page. Similar behavior is experienced by customers using the front-end login as well.

Solution 1
Option A: if your main domain and subdomains are hosted on the same server
Option B: if your main domain and subdomains are hosted on different servers
Alternatively, change this by running these SQL queries.
To validate the cookie domain, use the following select query to get the configuration:
```sql
SELECT * FROM core_config_data WHERE path = 'web/cookie/cookie_domain';
```
After executing the above query, we get the results. Check whether the 'value' column is the same as your domain. Update the value if it is not the same as your domain.
To update the cookie domain, use the following query:
```sql
UPDATE core_config_data SET value = 'domain.com' WHERE path = 'web/cookie/cookie_domain';
```

Solution 2
Check whether your php.ini file has the same cookie domain as your Magento config. If not, change it to match the Magento config, as below:
```ini
session.cookie_domain = example.com
```

Solution 3
This is not the recommended approach, but if all other options fail you can try this code, which changes the adminhtml cookie name for subdomains. Copy the file Action.php and keep it in the same folder path under local, so that the core code file is overridden.
There are two changes to make in the file app/code/core/Mage/Core/Controller/Varien/Action.php.
In the preDispatch function, change these lines:
```php
/** @var $session Mage_Core_Model_Session */
$session = Mage::getSingleton('core/session', array('name' => $this->_sessionNamespace))->start();
```
To:
```php
$namespace = $this->_sessionNamespace.($_SERVER['SERVER_NAME']=='subdomain.example.com'?'_subdomain':'');
/** @var $session Mage_Core_Model_Session */
$session = Mage::getSingleton('core/session', array('name' => $namespace))->start();
```
In the function setRedirectWithCookieCheck, change:
```php
/** @var $session Mage_Core_Model_Session */
$session = Mage::getSingleton('core/session', array('name' => $this->_sessionNamespace));
```
To:
```php
$namespace = $this->_sessionNamespace.($_SERVER['SERVER_NAME']=='subdomain.example.com'?'_subdomain':'');
/** @var $session Mage_Core_Model_Session */
$session = Mage::getSingleton('core/session', array('name' => $namespace));
```
After that, search for the following text in all files:
```php
Mage::getSingleton('core/session', array('name' => 'adminhtml'));
```
If any occurrences are found, replace them with:
```php
Mage::getSingleton('core/session', array('name' => 'adminhtml'.($_SERVER['SERVER_NAME']=='subdomain.example.com'?'_subdomain':'')));
```

Reason #3: Double front-end cookies causing intermittent login issues
In a few scenarios, the system may create multiple frontend cookies, which prevents you from logging in.

Scenario 1
When your Magento system has the same configuration for your main domain and subdomain in the Magento config, and the user logs in to both sites, Magento creates two cookies. One has its domain value set to the main domain, and the other to the subdomain. As a result we have two front-end session cookies, and we won't be able to log in to the system.
Change the Cookie Domain setting to .example.com for both the domain and subdomain configurations.

Scenario 2
In this scenario, let's say no cookie domain is configured in your php.ini and the Magento cookie domain is configured as example.com. When the user logs in via www.example.com, the system creates a cookie with a domain value of example.com from the Magento config. When the user logs out, Magento regenerates the cookie with a domain value taken from the URL accessed (i.e. www.example.com), since no cookie domain was specified in php.ini. Note that if the user logs in using example.com, or a cookie domain is configured in php.ini, no issues arise.

Solution 1
Add a cookie domain to your php.ini file that is the same as your Magento config.
```ini
session.cookie_domain = example.com
```

Solution 2
Change the Cookie Domain to .example.com for both domain and subdomain configurations.
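The cookie scoping behind Reasons #1 to #3, as an added example that is not part of the original article or Magento's code: it models how a browser stores and returns the `frontend` cookie under RFC 6265 domain matching. The function names, hostnames and session values are constructed, and an empty cookie domain is assumed to produce a host-only cookie.

```php
<?php
// Added example, not Magento code; hostnames and session values are constructed.
// $domain === '' models a host-only cookie (no Domain attribute); no public-suffix check.
function cookieSentTo($domain, $setByHost, $host)
{
    if ($domain === '') {
        return strtolower($host) === strtolower($setByHost);
    }
    $suffix = '.' . ltrim(strtolower($domain), '.');   // a leading dot is ignored
    return substr('.' . strtolower($host), -strlen($suffix)) === $suffix;
}

// Store a 'frontend' cookie as a browser would: discard it when the responding
// host is outside the Domain, otherwise replace any cookie with the same scope.
function storeFrontendCookie(array &$jar, $setByHost, $domain, $value)
{
    if ($domain !== '' && !cookieSentTo($domain, $setByHost, $setByHost)) {
        return;
    }
    $scope = $domain === '' ? 'host-only:' . strtolower($setByHost) : ltrim(strtolower($domain), '.');
    $jar[$scope] = array($domain, $setByHost, $value);
}

// Values of all 'frontend' cookies that accompany a request to $host.
function frontendCookiesSent(array $jar, $host)
{
    $sent = array();
    foreach ($jar as $c) {
        if (cookieSentTo($c[0], $c[1], $host)) {
            $sent[] = $c[2];
        }
    }
    return $sent;
}

// Request host, then the (Domain attribute, value) pairs set in turn.
$scenarios = array(
    'Reason #1, domain xyz.com' => array('example.com', array(array('xyz.com', 'sid-a'))),
    'Reason #3, scenario 2' => array('www.example.com', array(array('example.com', 'sid-login'), array('', 'sid-logout'))),
    'Fix, .example.com' => array('www.example.com', array(array('.example.com', 'sid-login'), array('.example.com', 'sid-logout'))),
);
foreach ($scenarios as $label => $s) {
    $jar = array();
    foreach ($s[1] as $c) {
        storeFrontendCookie($jar, $s[0], $c[0], $c[1]);
    }
    foreach (array($s[0], 'staging.example.com') as $host) {
        echo $label, ' -> ', $host, ': [', implode(',', frontendCookiesSent($jar, $host)), "]\n";
    }
}
```

Scenario 2 yields two `frontend` values for www.example.com, which is the double-cookie state, while the xyz.com cookie is never stored at all. With `.example.com` a single cookie remains, and it is also sent to staging.example.com, so production and staging share that session cookie.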
Note: use our cookieTest.php script to see whether you have double frontend cookies.

Reason #4: Failed to create (read) session ID
```
Recoverable Error: session_regenerate_id(): Failed to create(read) session ID: user (path: /var/lib/php/sessions) in app/code/core/Mage/Core/Model/Session/Abstract/Varien.php on line 492
```
This is an error you may see in the exception log, and it occurs only on PHP 7, as PHP 7 does strict type checking.
The solution is to change the Magento core read function by typecasting its return value. More on this here.
```php
public function read($sessId)
{
    // ... existing code that loads $data ...
    //return $data;
    return (string)$data;
}
```

Reason #5: Session data file is not created by your uid
```
Warning: session_start(): Session data file is not created by your uid in app/code/core/Mage/Core/Model/Session/Abstract/Varien.php on line 125
```

Solution 1
This error occurs if you are saving sessions in files and the folder or files lack permission for the webserver user. So in the case of nginx, if your webserver user is www-data, you need to give it ownership of the folder using:
```bash
# <path-to-session-folder> is a placeholder for your session save path
sudo chown -R www-data:www-data <path-to-session-folder>
```

Solution 2
If you are running on Vagrant, you may have to check or change the file session path.

Solution 3
Another reason is that there could be some old sessions in the var/sessions folder. Delete them and test whether that fixes the problem.
Note: if you have the option to use different session providers, switch to another. For example, go from Redis to file. Clear your var/cache folder and see if it works. Again, only try this in your development environment.

A PHP Script to Detect Cookie Issues
```php
<?php
// cookieTest.php: place in the Magento root and open it in the browser being debugged.
// It prints live session IDs, so delete the file once you are done.
ini_set('display_errors', 1);
$mageFileName = getcwd() . '/app/Mage.php';
require $mageFileName;
Mage::app();

// Escape everything echoed: cookie values come straight from the request.
function cookieTestEscape($value)
{
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

echo "<b> Server Cookie Domain Configuration : </b> " . cookieTestEscape(ini_get('session.cookie_domain')) . "<br>";

// Compare each store's configured cookie domain with the host of its base URL.
foreach (Mage::app()->getStores() as $store) {
    echo "<b>" . cookieTestEscape($store->getName()) . "</b><br>";
    $configCookieDomain = Mage::getStoreConfig('web/cookie/cookie_domain', $store->getId());
    $storeDomain = parse_url(Mage::getStoreConfig('web/unsecure/base_url', $store->getId()), PHP_URL_HOST);
    $cookieDomainResult = ($configCookieDomain == $storeDomain || $configCookieDomain == '.' . $storeDomain) ? "" : "not";
    echo "Config cookie Domain : " . cookieTestEscape($configCookieDomain) . " and Store Domain: " . cookieTestEscape($storeDomain) . " " . $cookieDomainResult . " configured properly<br>";
}

// Collect every 'frontend' and 'adminhtml' value from the raw Cookie header,
// because $_COOKIE keeps only one value per name.
$requestCookie = Mage::app()->getRequest()->getHeader('cookie');
$sessionIds = array('frontend' => array(), 'adminhtml' => array());
foreach (explode(';', (string)$requestCookie) as $requestCookieItem) {
    $cookieValue = explode('=', $requestCookieItem, 2);
    $cookieName = trim($cookieValue[0]);
    if (isset($sessionIds[$cookieName]) && isset($cookieValue[1])) {
        $sessionIds[$cookieName][] = trim($cookieValue[1]);
    }
}

$cookie = Mage::getSingleton('core/cookie');
$areas = array("frontend", "adminhtml");
foreach ($areas as $cookieName) {
    echo "<b>validating " . $cookieName . " cookie </b><br>";
    echo "Cookie Lifetime : " . cookieTestEscape($cookie->getLifetime()) . " <br>";
    echo "Cookie Path : " . cookieTestEscape($cookie->getPath()) . " <br>";
    echo "Cookie Domain : " . cookieTestEscape($cookie->getDomain()) . " <br>";
    echo "Cookie Is Secure : " . cookieTestEscape($cookie->isSecure()) . " <br>";
    echo "Cookie Httponly : " . cookieTestEscape($cookie->getHttponly()) . " <br>";
    // More than one value for the same name means double cookies (Reason #3).
    if (count($sessionIds[$cookieName]) > 1) {
        echo "<span style='color:red'><b>We have " . count($sessionIds[$cookieName]) . " " . $cookieName . " Cookies with values : </b>" . cookieTestEscape(implode(',', $sessionIds[$cookieName])) . "<br>";
        //$encryptedSessionId = Mage::getSingleton("core/session")->getEncryptedSessionId();
        $encryptedSessionId = $cookie->get($cookieName);
        echo "Original Cookie value : " . cookieTestEscape($encryptedSessionId) . "<br>";
        echo "Please verify the Subdomain and Main Site Cookie Domain Configuration</span><br>";
    }
}
?>
```