MAGENTO, PHP

How to Fix Magento Login Issues with Cookies and Sessions

 

Database

Allowing sessions to store themselves in the database is done in /app/etc/local.xml by adding. Magento applications store sessions in the Core\_session table. Fix Magento Login Issues with Cookies and Sessions:

Redis

MemCache

Fix Magento Login Issues with Cookies and Sessions: Magento Usage

Magento uses two different cookies named ‘frontend’ and ‘adminhtml’. The first one is created when any page is browsed. The same cookie is also updated whenever the customer logs in, and the next one is created when a backend user is logged in. You can check whether the cookies have been created by clicking Inspect Element > Application, as in the below picture (from Chrome):

Fix Magento Login Issues with Cookies and Sessions

Cookies are configured in Magento via the Configuration admin menu – System > Configuration > General > Web.

Fix Magento Login Issues with Cookies and Sessions

Problem: Login Fails & Redirects to Login Page

If you haven’t experienced this problem, then you haven’t worked with Magento long enough!

This is how it typically happens: when you login by entering your username and password, you will be redirected to the same login page and URL, and your browser is appended with nonce id. This happens for both the customer front-end and the Magento back-end login.

Let’s look at a few reasons why this happens, and how we should resolve those issues.

Reason #1: Cookie domain does not match server domain

Let’s say your Magento site is example.com and the cookie domain in Magento is configured as xyz.com.

In this scenario both Magento cookies will set Domain Value as xyz.com, but for validating the session Magento will consider the domain through which the site was accessed — in this case example.com. Since it won’t be able to find an active session with the example.com domain value, it will redirect the user to the login page even when valid credentials are provided.

app/code/core/Mage/Core/Model/Session/Abstract.php

After login or logout, the Magento system will regenerate the session using the following script:

app/code/core/Mage/Core/Model/Session/Abstract/Varien.php

Magento will validate the session for every request with the following method:

You may normally see this when you migrate your Magento instance from one domain to another domain, for example from Production to Staging, and forget to change the cookie domain.

Note: you can run the provided cookieTest.php script, which validates what the server cookie domain is, and what is set in the Magento config.

Solution:

Change the Cookie Domain via the Configuration admin menu. Go to System > Configuration > General > Web, as per the screenshot.

Alternatively you can change this by running these SQL queries.

For validating the cookie domain use this select query to get the configuration:

After executing this query, we will get the results. Verify the ‘value’ column is the same as your domain. Update the value if it is not the same as your domain.

To update the cookie domain, use this query:

Reason #2: Multiple subdomains used and Magento’s cookie configuration is incorrect

Let’s say your site is example.com. Logging into example.com/admin works fine.

But on your staging/QA site, for example staging.example.com/admin, you are unable to login without deleting all cookies. The system may allow logins to staging.example.com, but when we login again to example.com/admin, your next click on staging.example.com kicks you back to the login page. Similar behavior is experienced for customers using the front-end login as well.