Magento 1.9 Can’t login to admin panel!

  • I have installed Magento 1.9. It was working well for a week. Suddenly yesterday, when I tried to login to the Magento admin panel and I typed username and password, clicked Login button and nothing happened. The page refreshes and that’s all. No error or any other messages.

    If I entered wrong username or password, It shows error.

    After I googled about this issue, I was recommended to comment following lines in:


    /* to solve login issue */
      /*if (!$cookieParams['httponly']) {
      if (!$cookieParams['secure']) {
      if (!$cookieParams['domain']) {
    if (isset($cookieParams['domain'])) {
      $cookieParams['domain'] = $cookie->getDomain();*/ //I have commented these lines

    And for some older versions below was recommented in the same file.

    $cookieParams = array(           
        'lifetime' => $cookie->getLifetime(),           
        'path'     => $cookie->getPath(),           
        //'domain'   => $cookie->getConfigDomain()           
        //'secure'   => $cookie->isSecure(),           
        //'httponly' => $cookie->getHttponly()       

    Even after that, I could not login into admin. It is as it was. Anyone faced this issue? Is there any other solution to this issue?

    (I tried clearing cache and session through ftp).

    could you please clear the browser cache/cookie and try again?

    Copy core files to `app/code/local/Mage/Core..blahblah` for editing so Magento overrides the core file. Also use git for version control, it is a godsend.

    If you're using Chrome, key F12 > Resources > Cookies > Right-click your domain > Clear.

  • Alan Storm

    Alan Storm Correct answer

    6 years ago

    While it may offer you a temporarily solution, you should considering not modifying the core code like that to solve problems. Changing the source code of an application will create problems that are much more difficult to track down.

    There's a number of different issues that cause the errorless admin login behavior you're seeing, but they all go back to Magento not being able to set or read the session cookie. Magento uses sessions to pass error messages between pages — that's why you don't see an error message. Magento also uses sessions to store the "is logged in" value, so not setting sessions also causes the core error behavior.

    Possible causes include

    • Local computer time vs. server time mismatch, causing instant cookie invalidation. Make sure your server time is correct.

    • Incorrect permissions on var/session, preventing session files from being saved

    • Incorrect configuration of database/redis/other session storage, preventing saving of session values

    • A module is instantiating sessions to early, preventing the correct session names from being set

    • You're a developer using multiple URLs and have multiple cookie domains

    • Another developer has somehow modified app\code\core\Mage\Core\Model\Session\Abstract\Varien.php, creating a hard to track down bug

    • The cookie domain in System -> Configuration -> Web -> Session Cookie Management doesn't match the actual site domain.

    • You're using the localhost as your server domain, and using a version of webkit that has trouble/bugs setting cookies for localhost in some situations.

    The short term fix is to just delete your cookie for the domain. That's often enough to solve the problem. If it persists, figure out which of the above reasons is the reason for your error, and take steps to address it (fix permissions, etc.)

    You can use n98-magerun's sys:check command to find problems with cookie domain and base url.

    @Alan Storm, Thank you for the clear explanation. I solved my issue. In my case, reason of issue is 3rd one.

    In my case, there was not enough disk space on the server. So you may want to add this as a possible cause.

    @cmuench I run that command and I don't understand results: Invalid Unsecure BaseURL Store: default Wrong hostname configured. Hostname must contain a dot ✖ Invalid Unsecure BaseURL Store: french Wrong hostname configured. Hostname must contain a dot ✖ Invalid Unsecure BaseURL Store: sot_eng Wrong hostname configured. Hostname must contain a dot ✖ Invalid Unsecure BaseURL Store: sot_fra Wrong hostname configured. Hostname must contain a dot ✔ Cookie Domain (secure) of Store: default OK - No domain set All Cookie domain look the same Ok and No domain set

    @Denisa You'll have a bit more luck if you try asking that as a new question.

    Clearing the magento cache using an external php script followed by clearing the browser cookies did it for me. Script: require_once 'app/Mage.php'; $app = Mage::app(); if($app != null) { $cache = $app->getCache(); if($cache != null) { $cache->clean(); } }

    Had the same problem after upgrading from 1.8 to 1.9 - I deleted my cookies and could login again.

    Great answer. My problem turned out to be the cookie domain. I always remember to change base_url and secure_base_url, but sometimes forget to check `.htaccess` settings and the cookie domain.

    @AlanStorm, pls look into this, What is the exact problem ? thanx in advance

    You can also add the "disable admin captcha" to the list of common problems you wrote. See my answer bellow.

  • I'm having the same symptoms on some Magento installations(not only 1.9). In my case, it happens only in Chrome. I'm fixing this by logging in Firefox/Safari/Opera, and changing 'Use HTTP only' to 'No' in 'Session Cookies Management' of the 'Web' settings.

    See Magento's backend screenshot with cookies settings

    This helped me get my development environment running in Chrome, but remember not to use these settings in production as it opens up a whole class of security vulnerabilities.

    where is the Session Cookies Management section?

    Also check your cookie domain - I was developing locally and this turned out to be my issue.

    Helped me a lot! Never knew that this only happens in Chrome. Haha!

    To set `Use HTTP only` to `No` without admin panel access. You can launch directly this SQL query : UPDATE `__DATABASE_NAME__`.`core_config_data` SET `value` = '0' WHERE `core_config_data`.`path` = 'web/cookie/cookie_httponly';

  • I had this problem too. Turned out sessions couldn't get written to var/session, even though the directory itself is set to 0777. Magento created session files, but they all remained zero bytes.

    Changing session storage from files to db solved the problem for me.

    this works! I don't understand why Magento doesn't write the sessions and cache on files. The permissions are correct!

    If I recall my situation, it was either that the disk was full, or that the session directory had too much files.

    This one works for me!!

    In my case: Changing session storage from db to files resolved issue.

    1. Open your Magento installation directory. Locate and open index.php file.
    2. Search for error_reporting(E_ALL | E_STRICT); code.
    3. Comment it out like that:

      /*error_reporting(E_ALL | E_STRICT);*/

    4. And use the following code instead:



    5. Uncomment it by removing the # sign, so it looks like that:

      ini_set('display_errors', 1);

    6. Save this file and upload to the server. Reload your website page to see errors.

  • I recently had the same problem and simple trick worked for me. Also this is for people who cannot access the dashboard on Google Chrome. If you can work on Mozilla Firefox then please do so because I guess this issue is not persistent on Mozilla firefox.

    So the solution for chrome is:

    Goto System->Configuration->Web. Expand the Unsecure and Secure tab. Change the Base URL to[Your folder name] if you are using localhost or change it to your Site URL through which you are accessing the frontend. I had to login twice to get to the Dashboard since when I entered the details for the first time, it just refreshes and comes back to the same page as you mentioned it as looping.

  • Another possible reason: harddisk/volume/quota is full and so the session data can't be written to disk. May seem unlikely, but just happened the second time to me and took a while to figure out.

    I don't have enough reputation to comment, but @Alan Storm, maybe you want to take this in your excellent list.

  • Open your phpMyAdmin from your host try once this sql command.

    Run this SQL:

    UPDATE core_store SET store_id = 0 WHERE code='admin';
    UPDATE core_store_group SET group_id = 0 WHERE name='Default';
    UPDATE core_website SET website_id = 0 WHERE code='admin';
    UPDATE customer_group SET customer_group_id = 0 WHERE customer_group_code='NOT LOGGED IN';SET FOREIGN_KEY_CHECKS=1;

    Now admin can able to log in.

    Please follow this:

    Admin page shows 404 pages not found

    don't forget to open in anonymous window or another browser for removing sessions

  • I had the same problem and I solved it by deleting all files in /var/session . I think it's because too many session in Magento!

  • Alarm Storm List is correct and detailed. Here are couple of additional cases.

    1. In vagrant, check permission of var/session on host Machine too
      (mounting issues)
    2. Check if you disk is full or too many files in var/session
    3. Run n98-magerun.phar sys:check (catches issues including cookie domain)
    4. Change session to database by editing local.xml. It will rule out most permission issues by using insidie <global>


    Also be vary of third party extensions (firewall/security extensions) for example puts you on black list if you try too many times.

    Can happen if your session is originally not working for permission issues but then continue failing even after you fix original issue

    In your particular case keep an eye on admin_session_user_login_success event as most security /firewall modules use this event. Specially keep an eye if variable $_SESSION['admin'] is reset by observers

  • First of all try to clear you cache I think and if this does not work, try to make chmod 700 on your var folder.

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM