Occasionally I run into a problem logging into the Magento admin panel. The username and password I enter is correct and the url in the browser window tells me that I have logged in correctly (ie: I see domain.com/index.php/admin/areallylongstring), however the login window is displayed again. No error message telling me that the log in details are incorrect is displayed, I am just routed back to the log in window. Has anyone come across this before and can anyone please suggest a solution?
Thanks!
Try start a private browser session and see if you can login, if so clear your cookies for the website and you should be able to login.
I occasionally get this problem, next time I get it I will dig into the code with my debugger to see what is actually going on.
This problem arises due to multiple reasons and the cheapest solution for this will be comment out the following lines in one of core files of magento.
FILE :- app/code/core/Mage/Core/Model/Session/Abstract/Varien.php.
// set session cookie params
session_set_cookie_params(
$this->getCookie()->getLifetime(),
$this->getCookie()->getPath()//,
//dependes which versin of mage you are using, you may comment these as well
//$this->getCookie()->getDomain(),
//$this->getCookie()->isSecure(),
//$this->getCookie()->getHttponly()
);
Find out above code in that file and then comment out those three cookies as shown above.
But as I said it is the cheapest and easiest solution that you can go with. For more information, checkout this link
Related
Please note the code snippet is just there as an example, there is nothing wrong with the way it works - my question is relating to Chrome's default behaviour of prompting the user to remember their sign-in details, which I want to happen when the password is correct, but not to happen when the password is wrong.
I have been looking around, and come across other articles, but they aren't specifically for my issue and cannot be related to it.
The backend code handling a form submission essentially goes like this (cut down because the code is not actually the problem here)
if(password_verify($password,$dbpassword)){
//Task: Please DO prompt me here chrome, this is correct
header('Location: /account');
exit();
}
setcookie('error','Your password is incorrect',time()+5,'/','',true);
//Task: Please DON'T prompt me here chrome, this is the wrong password!
header('Location: /log-in');
exit();
The log in page then reads the set cookie and displays the error, prompting the user to make another attempt.
The problem is not related to my code. The code is fine.
Chrome takes the header('Location:') to mean that login was successful, thus prompting the user to save these details (annoying). I was wondering if anyone knows how to basically tell the browser it was a failed attempt?
Untested, but I imagine the same prompt would occur on other browsers that offer the same user/password storage... So an all-browser solution would be amazing if anyone has... I'm sure it is a simple one liner to fix this, but I've been researching for over an hour with no success
My code so far performs fine like this:
Cookie set with error message ✓
Header redirect back to login page ✓
Cookie read & error message displayed ✓
Cookie removed ✓
Google shouldn't ask to remember because it was wrong ❌
You could try telling the browser that the user is not authenticated yet, by setting the status code 401 (Unauthorized):
http_response_code(401)
However, you should be aware that the Location header should only be used with redirect status codes (3xx). Therefore, to prevent unexpected behavior consider either directly rendering the login page, or use a different method of redirection. See also this answer.
the title may not be 100% clear but I have an issue to which I cannot find a solution... Let me (try to) explain :
I have a Laravel application (v5.5) and when I sign in, everything works fine. I can open a new tab, and my session is found so I do not need to sign in again, which is perfectly normal.
Except (!!!) when I click on a link (i.e from an email) from another tab : when I do this, I need to sign in.
It seems that the session data is completely empty and cannot be retrieved through the cookie. But if I open a new tab and try accessing the url by doing a simple copy/paste in the browser, I'm successfully logged in.
Moreover, after asking for my login/password after clicking the link from the other tab, the application does not redirect me to the queried url as it's supposed to, but rather redirect me to the home page.
Has anyone faced this issue? And maybe successfully solved it?
Thanks !
I've found out what was wrong: I had configured the "same_site" option to "strict" instead of "lax"... It works fine now !
I updated my webshop to 1.9.2.3. When I try to reset my password I do receive the email, but when I click the link to change my password I see a blank page.
I've looked this up on Google and changes customer_account_resetpassword to customer_account_changeforgotten. I changed it in all my customer.xml files just to be sure and I also cleared the cache, but without success.
I also noticed that the URL in the mail is: https://xxx.xx/customer/account/resetpassword/?id=976&token=b13713eb50b22b5a1320adbe08fdf08e but I get redirected to the page https://xxx.xx/customer/account/changeforgotten/
How do I fix this?
This was an issue that was created due to a recent patch that Magento released. They are now enforcing that forms with POST actions must submit the validation token. If you look at the link below, you will find the solution for this problem.
See - https://magentary.com/kb/reset-password-blank-page-after-supee-6788/
I hope this helps! I just recently had this issue myself.
I have a Magento store running 1.9.1.0, it appears that user sessions are being stored incorrectly, because:
If user logs out of their account: on the home page, it's fine, but then if they go to a product they've already visited, they're logged back in automatically.
I believe this to be related to caching, and disabling Fishpigs Bolt seems to fix the issue, but this hasn't occurred on other stores I have with Bolt
How can I ensure that Magento sessions are not cached in such a way?
Although it looks like the user is logged in, it's highly likely that they aren't logged in and that it appears that way because incorrect content has been cached. This shouldn't happen and with the latest version of Bolt, does not happen.
My first suggestion would be to upgrade Bolt to the latest version, which is currently 2.2.0.4. After doing this, fully refresh your cache and see whether this fixes the issue.
If this doesn't help, please contact me directly (I'm the creator of Bolt) using this form and I'll help resolve the issue. After that I'll edit this post with the correct solution.
UPDATE/SOLUTION
This issue was caused because of an incorrect Varnish/Turpentine configuration that stripped the 'frontend' cookie from Magento. As a result the FPC was unable to determine whether the user was logged in or had items in their basket. Removing Varnish/Turpentine resolved the problem.
I believe this is issue regarding caching modules like FPC. You need to mention that phtml block inside header in dynamic blocks in backend so that it will not cache the html.
In your case, even when you log out, when you go back to the page, header is coming from caching layer which was cached when customer was logged in. Make this as a dynamic block which will always render this html from server
I am trying to make some changes in my Drupal 7 site's view. But it gives me this error
Changes cannot be made to a locked view.
Multiple users are not logged into the site.
Please any one can help me?
Thanks.
There is a break lock link in the view itself. click on the link.
What i observed is that when i change the name of my root folder of drupal website on localhost this error occurred.
This can be removed by clicking on break this lock link appearing on top of view itself.
delete the row for "Yourview" in the table "views_object_cache"
I faced this problem several times. Please make sure that you have logged in using only one admin account at a time even though you are using multiple browsers. Also, make sure that you have logged out of the admin account in other browsers before you close them.
If you currently logged in as the same user (admin) in more than one browser, Logging out of one fixed the problem.
After logging out if you still have the problem force logout all users (empty the session table)
TRUNCATE `sessions`;