Thread

I’ve got a EE Personal installation that I’ve been working on setting up. This morning I noticed that I had been logged out and that I am unable to log in again.

When I submit my username/password, the login page reloads without showing any error message. I don’t think it’s a password problem because a) I did the reset password thing and have the same problem with the new one, and b) if I intentionally submit a bad password I’m shown a red “password incorrect” error. Using the correct one, the page just reloads with what looks like a session ID in the URL:

http://example.org/something/index.php?S=6ae2e5981c58d8f8a7250e7e3e518faeb82fad72

(I renamed my system folder to “something”, but not recently so that’s not the problem)

When I log in with an intentionally bad password I get this URL:

http://example.org/something/index.php?S=0&C=login&M=auth

I’ve been working on this development installation for about a week with no problems whatsoever. The only thing I’ve modified are the templates; I haven’t touched any of the system files or installed any new plugins. MySQL is running fine, which I verified myself and also demonstrated by the fact that EE sent me my password reset notification. I’m pretty sure I have the EE administration set to use cookies only, but this is not a recent change and my browsers are accepting cookies. This installation is running locally on my Powerbook and I have this problem using both Firefox and Safari on OS X.

I haven’t yet had time to reinstall the system; I will if I have to but I’m more interested in figuring out what happened so I can prevent it happening again.
What could cause this behavior?

Modified because it’s good to keep your system folder out of public view

No need to reinstall.  And really nice rundown of what’s up- particularly because I was wondering if it was browser related.

Hm- go in, grab your system/config.php file- let’s try overriding the backend security settings- let’s put it to cookies only, make sure you have a cookie domain, and then clear cookies and try again.  To set the overrides, add these two variables in config.php:

$conf['admin_session_type'] = "c";
$conf['cookie_domain'] = ".mysite.com";

Let’s see if that gets you in- and don’t miss that leading ‘dot’ on the cookie domain.

Same problem after modifying config.php, I’m afraid. I’m redirected to index.php with a long session ID query string. Deleted cookies, tried both browsers.

I was so focused on the backend when I wrote my original post that I didn’t mention that the frontend—templates, pages, weblog entries— are all working fine. I have a second EE installation on this laptop that’s also still working normally.

Thanks for editing that system folder name but anyone trying to hack me using the domain example.org is in for some disappointment 😊

LOL- good call on the domain name.  Hm- well, if we switched it to cookies only for the admin session, I can’t figure why it’s giving you a session id in there.  OK- try the opposite- change:

$conf['admin_session_type'] = "s";

Let’s see what happens.  I’m starting to get puzzled.  Oh- do you have the multisite manager installed?

kchrist, are you using the MSM at all?

No, no MSM. Just plain vanilla EE with no extra plugins or anything.

I’m not at home now but I’ll try setting config.php to sessions only first thing this evening and report back. In the meantime, I welcome any and all other suggestions. Thanks.

Forcing session IDs in config.php got me back in, thanks!

I tried setting the CP preference to use session IDs and commenting out that line in config.php and it locked me out again. So whatever the problem is, it’s only responding to the setting in the file, not my CP setting. I’m going to look into this a bit more and I’ll follow up when I find anything.

I’ll also check anything else you want in case you also want to investigate.

Thanks for your help.

Kenn, when you manually edit the config.php file to set admin_session_type, it overrides any changes you make in the back end directly.

Oh, right. That’s what I figured. I meant that I tested the CP backend settings by changing them and commenting out the changes to config.php. I mean, it used to work that way, so I’m just trying to figure out why it isn’t any more. But at least the config file fix works, whatever the root of the problem may be.