I have magento installed in a subdirectory. www.domain.com/subdir/magento

This site worked perfectly at one point. I changed nothing, until my client said he couldn't login to magento admin.

I logged in just fine from my computer, but on his computer it just redirected back to the magento admin login without an error message and a url that looked goofy like this:

http://domain.com/subdir/magento/index.php/admin/index/index/key/3097210b826ac4a86d7531cb4089c9d0/

I thought that his cookies were being blocked, but that was not the case.

My magento settings were secure/unsecure baseurl: http://domain.com/subdir/magento/

web cookie path: (blank)
web cookie domain: (blank)

After clearing out var/cache, I found that I myself could not login to the admin either, with the same exact issue.

I tried the following settings without luck:

path: /
domain: domain.com

path: /subdir/magento
domain: vigrond.com

I also tried commenting out those lines in Varien.php, but that had no effect either.

My server account is a VPS and it has plenty of free space.

So I'm pretty much lost, wondering why this happened in the first place when it worked before (didn't change anything), and why it's so complicated?

Any help appreciated

If a login error message ("invalid password", etc.) isn't being displayed it's almost always a session cookie problem. In order to rule it our entirely, use Use your browser's cookie viewer and/or your favorite HTTP traffic sniffer and check

1. That all the cookies have proper expiration dates after being set

2. That the session cookie has a consistent token name/value for each request

3. That PHP, when running through Magento, has the various session lifetime ini settings at a reasonable value

4. That PHP can write to whatever it's using as a cookie storage medium

5. That the server's time matches the real time, and that PHP itself has a timezone set

Find app/code/core/Mage/Core/Model/Session/Abstract/Varien.php. in your Magento install folder. Comment out the lines (see below) 80 to 83. The line number may vary.

    // set session cookie params
    session_set_cookie_params(
        $this->getCookie()->getLifetime(),
        $this->getCookie()->getPath()//,
        //dependes which versin of mage you are using, you may comment these as well
        //$this->getCookie()->getDomain(),
        //$this->getCookie()->isSecure(),
        //$this->getCookie()->getHttponly()
    );

This is caching issue. Which recently Magento community confirmed that is sorted but it is not. :)

Just clear your cache and do this steps it should work anyway.

Comment this lines also

//        if (!$cookieParams['httponly']) {
//            unset($cookieParams['httponly']);
//            if (!$cookieParams['secure']) {
//                unset($cookieParams['secure']);
//                if (!$cookieParams['domain']) {
//                    unset($cookieParams['domain']);
//                }
//            }
//        }
//
//        if (isset($cookieParams['domain'])) {
//            $cookieParams['domain'] = $cookie->getDomain();
//        }

• Make sure you have cookies enabled in your browser, try a number of different browsers including Safari or Opera. Chrome will give some problems and you need to remember to clear you cache in Chrome after making changes!

• Make sure you file permissions are set to EVERYONE - FULL CONTROL for Windows and 777 for your Mac/Linux environment If all that still doesn’t work you can try this: (I do not recommend this solution for a production version of Magento, but for you local test enviroment this will work.)

• Check the version of php you are using. If you are using recent Magento try to find which version of PHP and extensions requires.

More details

Did you erase the session storage in var directory?

In my case, when I was playing with autorization for multistore on subdomains (changed path and domain for cookie as you did), this method helped me to drop the "bad" cookie and sucessfuly logined in admin:

In apppath/var/session directory I've made command in shell (be careful with path, this could delete all the files in the directory)

rm -rf /path/to/magento/var/session/*

And then just clean the cookie for domain in browser.

I never resolved the issue. But I wiped the clients computer and reinstalled windows 7, and it worked. It was very strange that it didnt work before as he was not behind a proxy, did not have ad ons or viruses. And the issue reproduced in each of his browsers (chrome firefox and IE). It was not a router issue. It was a windows issue, but I couldn't tell you what exactly was causing it. It was not the internet security settings either, as I checked those. Also checked the host file. As I said before, very baffling

I was fighting with this issue today on my local server. I couldn't login using any browser. I really didn't want to comment out any lines in core files or doing any other "dirty" solutions.

Firstly I checked cookie set by browser. It had expiration set to 1970, so clearly it was a cookie problem.

I checked values for cookies in magento database. In phpmyadmin I found table core_config_data, then fields with values : web/cookie/cookie_domain and web/cookie/cookie_path. They were both blank.

My solution was to set:

web/cookie/cookie_domain to my domain name

and

web/cookie/cookie_path to /.

Example:

your domain where you run magento is magento.local set:

web/cookie/cookie_domain = magento.local

and

web/cookie/cookie_path = /

I had the same problem, but I was working on XAMPP on windows 7 x64.

In Magento system - configuration - web - session cookie management change Use HTTP Only to no and Cookie Lifetime to 86400.

I only changed the Cookie Lifetime just in case of daylight saving time may not have to be changed.

Before the changes I could only login using Firefox and after the changes all browsers work.

Leave Cookie Path and Cookie Domain blank.

Check the cookie configs in core_config_data table and check if your session is being saved on db. In my case, someone just changed the cookie domain and the cookie path with a wrong value.

You can also check this on the node in your app/etc/local.xml. If it's on db, maybe you should change do files to be able to clean the session data directly on var/session dir.

Delete cookies (related to your domain) from your browser setting.

I was facing the same issue and at the end i found that it was due to full disk space and due to this Magento was not able to create sessions file in the var var/session folder. After cleaning up log files that issue was resolved.

Also, you can update the password in the database if everything else from above didn't work and you need desperate access:

UPDATE admin_user SET password=CONCAT(MD5('qXpassword'), ':qX') WHERE username=‘user’;

replace user and password words according to your needs.

If nothing works, make sure the disk quota is not exceeded. The new session cookies created under ./var/session will be zero bytes length if disk quota for the user is exceeded.

In Case, that you dont see any cookie named "frontend" or "adminhtml", when you reload the page, the Magento cookie wasn't set. In my case I have a wrong cookie_domain. I used "null" instead of "NULL".

As I set my cookie_domain to NULL in core_config_data, the problem was solved