Thread

This question may be related to a resolved thread.

I’m experiencing the issue where I log into the CP and despite using correct login details I get redirected back to the login page. 

I know that I can sidestep this by changing to use cookies instead of a Session ID only but I want to use a Session ID.  Has anyone figured this one out?  It happens in Safari, Firefox and Chrome.

Thanks

Some more detail.

I get redirected back with a “S=0” in the URL.  However if I grab the session ID from the database and add it to the URL manually I am actually logged in.

Pretty sure I have had this as a result of Chrome caching a failed login redirect.

Check your cookie domain settings. After you’ve made sure it’s correct, clear your browser cache (including all cookies) and try again.

Pretty sure I have had this as a result of Chrome caching a failed login redirect.

I can see how that could happen but it’s not the cause this time.  I’ve even tried it in Internet Explorer.

Check your cookie domain settings. After you’ve made sure it’s correct, clear your browser cache (including all cookies) and try again.

I have tried both with my cookie domain set to “.mysite.com” and blank. (the cookie path and prefix are blank)

I don’t follow the logic of how this could be the problem though since the point is to use a session id rather than a cookie.  It seems to me as though the redirect is what’s wrong.

Thanks for your help.

When you grab the session ID manually from the DB, what is the value of admin_sess?

Oh, ok I see .. I thought you were using cookies, cause if you’re using cookies and the cookie domain is wrong you’ll experience exactly this kind of behaviour (just being redirected back to the admin login page after logging in).

When you grab the session ID manually from the DB, what is the value of admin_sess?

It’s 1.

Oh, ok I see .. I thought you were using cookies, cause if you’re using cookies and the cookie domain is wrong you’ll experience exactly this kind of behaviour (just being redirected back to the admin login page after logging in).

Yeah, it really is very similar to problems others seem to have had with cookies turned on.

When you grab the session ID manually from the DB, what is the value of admin_sess?

It’s 1.

There goes my hunch, right out the window 😊 I thought it might be 0.

Changing line 404 of login.php from

$return_path = BASE.AMP.'C=homepage';

to

$s = ($this->config->item('admin_session_type') != 'c') ? $this->session->userdata('session_id') : 0;
                
$return_path = SELF.'?S='.$s.'&D=cp'.AMP.'C=homepage';

“fixes” the problem. 

The BASE constant gets defined before the authentication function gets called so it gives a URL with a session id of 0.  The homepage controller sees a 0 session id and redirects back to the login page.

Can anyone confirm that they have the same issue?  I’m using Freelancer v2.1.1 You’ll need to switch to Session ID only in the CP, make sure you’re not setting it in the config.php file, logout and clear your cookies and then try and log in.

Edit:  I wonder if this issue has been around for a while, but all the other threads say “just change to cookies” so it hasn’t been an issue?

Hi, Padraig. I can replicate this problem on EE2.1.1 - so it’s not just the Freelance version. I suspect it’s been there for a while, I rarely use sessions.

Thanks for posting the bug report to https://support.ellislab.com/bugs/detail/14708/

Looks like Robin is taking on this one. 😊

Thanks for confirming it. 

Given that it’s probably been broken for quite a while without really bothering anyone maybe it’d be a good time to simplify things and remove the feature altogether?

(I only put the time in to figuring it out and reporting it so that I could support the “Session ID only” feature in http://hellomountee.com)

I don’t know if I’d go that far. 😊 Since this is in the bug tracker, I’m going to go ahead and close the thread. Don’t hesitate to post again as needed.