[#22128] - Cannot login to Jooml backend as an administrator - infinite login loop
- Closed
- 13 Oct 2018
- Medium
- Build: staging
- # 22128
I've installed Joomla and started configuring the site.
After changing the Administrator user's name (not login name!) I could no longer login into the site's backend (domain.name/administrator).
Entering correct credentials just lead to the login page again.
However, Joomla reacted to incorrect credentials - in this case, a message was displayed: "Username and password do not match or you do not have an account yet."
I've searched the internet for this problem and found many different reasons, double-checked all suggestions and nothing helped. In particular, the required modules were enabled, tried disabling .htaccess, etc.
In a HTTP debugger I've noticed that there were multiple session cookie names at the same time.
After some digging, I've found the file libraries/src/Session/Session.php and line 920:
$this->_handler->setName(md5($options['name']));
The debugger showed that $options['name'] is already an md5-hash calculated elsewhere (CMSApplication.php, line 738: 'name' => \JApplicationHelper::getHash($this->get('session_name', get_class($this)))).
I removed md5 and everything works fine now, i.e. changed libraries/src/Session/Session.php, line 920 to:
$this->_handler->setName($options['name']);
| Labels |
Added:
?
|
||
franz-wohlkoenig
- | Status | New | ⇒ | Information Required |
| Category | ⇒ | Authentication |
more like the cookie_* vars in the /configuration.php file had been incorrectly set and not left as blank strings. 99% of the time this login loop with no error message is due to that.
| Closed_By | Quy | ⇒ | joomla-cms-bot |
| Status | Information Required | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-10-13 00:13:38 |
| Closed_By | ⇒ | Quy |
Set to "closed" on behalf of @Quy by The JTracker Application at issues.joomla.org/joomla-cms/22128
Closing for now. If this is still an issue, please advise.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22128.
While inefficient, double md5 hashing would not be creating your particular issue. I honestly feel like your change is more of a coincidence that things "work fine now" than actually fixing a bug, and if there were a bug related to that operation it would be something that could be consistently reproduced (and have been reported before now).