I can't login to Magento Admin

Has this ever happened to you?

12:04pm: I modify my hostfile and log into my local vm but I am unable to log into the Magento admin panel.

No error. No warning. Just a blank stare:

12:23pm: Reset var/session permissions? No go. Maybe my password's wrong? Enter a few I had used previously, get locked out of Magento admin. Reset password with SequelPro, reset my lockout, login... nothing.


12:28pm: Open incognito, log in. Blammo, works. Clear cookies, log in, make change, test, commit.

Finally. Back to work.

12:31pm: I modify my hostfile and go back to the staging server, up the changes and verify. Switch back to VM and I am unable to log in to the Magento admin panel. After entering the correct password. Forced to clear cookies again.

What the deuce

So it turns out that, while there have been many blogs written about this phenomenon, all the usual suspects were in order for me. I took to Twitter to ask if anyone had experienced this and had all the usual suggestions like "incorrect permissions on var/session".

This wasn't my first time encountering this issue and I am well aware of the standard debug process. I also know that the only way to fix this when I run across it is to just go ahead and nuke my cookies.

I wasn't so much curious about how to fix it as about why it happens in the first place.

Enter, Kristof:


So it turns out that this is an entirely reproducible error, wherein if you have two cookies with the same name and different - completely valid - domain strings, Magento will not know which one to handle and therefore do nothing at all.

I routinely switch back and forth between staging, development, and production servers and it turns out that on staging we had the following cookie domain:

And on my local dev vm it was:

So it turns out that you can pick up two of the same adminhtml cookie for the site with two different cookie domains and Magento croaks.
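To make the collision concrete, here is an added example (not from the original post) that applies RFC 6265 domain matching to a constructed cookie jar and reports which cookie names a browser would send more than once to a given host. The hostnames, cookie domains and session values are made-up placeholders, since the real ones are not shown on this page.

```javascript
// Added example: constructed cookie jar, placeholder hostnames (example.test).
// RFC 6265 section 5.1.3: a host matches a cookie domain if it is identical,
// or if it ends with "." + domain. A leading dot in the attribute is ignored.
// (IP-address hosts and path matching are left out; every path here is "/".)
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase().replace(/^\./, "");
  if (cookie.hostOnly) return h === d; // cookie was set without a Domain attribute
  return h === d || h.endsWith("." + d);
}

// Cookies the browser would attach to a request for `host`, in RFC 6265
// section 5.4 order: longer paths first, then earlier creation time.
function cookiesSentTo(jar, host) {
  return jar
    .filter((c) => domainMatches(host, c))
    .sort((a, b) => b.path.length - a.path.length || a.created - b.created);
}

// The Cookie request header the server ends up parsing.
function cookieHeader(jar, host) {
  return cookiesSentTo(jar, host).map((c) => `${c.name}=${c.value}`).join("; ");
}

// Names that appear more than once in the same request, with their domains.
function duplicateNames(jar, host) {
  const byName = new Map();
  for (const c of cookiesSentTo(jar, host)) {
    if (!byName.has(c.name)) byName.set(c.name, []);
    byName.get(c.name).push(c.domain);
  }
  return [...byName]
    .filter(([, domains]) => domains.length > 1)
    .map(([name, domains]) => ({ name, domains }));
}

// Constructed jar: the same hostname was served by two environments (switched
// via the hosts file), each configured with a different, valid cookie domain.
const jar = [
  { name: "adminhtml", value: "staging-session", domain: ".example.test", path: "/", hostOnly: false, created: 1 },
  { name: "adminhtml", value: "local-session", domain: "www.example.test", path: "/", hostOnly: false, created: 2 },
  { name: "frontend", value: "shopper", domain: "www.example.test", path: "/", hostOnly: false, created: 3 },
];

console.log(cookieHeader(jar, "www.example.test"));
console.log(duplicateNames(jar, "www.example.test"));
```

The browser stores the two `adminhtml` cookies separately because their domains differ, so a fresh login on one environment never overwrites the stale cookie left by the other.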

The fix

The fix should be obvious: straighten out your cookie domains. Either configure them so that they're absolutely identical or set up your staging, local, and production to be on different root domains.

You can replicate this pretty easily by merely adding a secondary cookie with another (valid) domain. I demonstrate this by modifying cookies here in this Quickcast below:

