Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Join Date
    Feb 2006
    Posts
    8
    Plugin Contributions
    0

    Default Admin login loop after enabling SSL - v151

    Hi, I've been searching around since turning on SSL earlier today. After turning on SSL and updating the https prefixes in the configure.php files, I can no longer login to admin control panel. When I try to login, it brings me right back to the login screen with no error. And inbetween the times when I turn SSL on and off to test. It will ask me to change my password because of the new SSL setup - that works fine but once it's done, I can no longer login under SSL. Again, no error, just an immediate return to the login screen.

    I can confirm SSL cert is working properly and that my files are accessed through the same paths in either http or https. My SSL cert was created with the www. prefix and is valid.

    I've tried this on different browsers and different machines, along with a clean Windows Server virtual machine (it's what I had available). I've clear cookies & cache as needed.

    From my reading, it does appear to be possibly be some kind of session issues. The session ID is getting appended to my URL after I make my admin login attempt and then I'm brought immediately back to the login screen. The sessions are showing up in the database as well.

    Although I do have it set to use "db" for STORE_SESSIONS, I did make sure the cache path is CHMOD'ed 777.

    As soon as I disable SSL, the site works again - letting me login to the admin CP.

    Is there any other advice anyone can provide? It's really baffling me.

    Thanks!

  2. #2
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: Admin login loop after enabling SSL - v151

    Quote Originally Posted by michaeltw View Post
    Hi, I've been searching around since turning on SSL earlier today. After turning on SSL and updating the https prefixes in the configure.php files, I can no longer login to admin control panel. When I try to login, it brings me right back to the login screen with no error. And inbetween the times when I turn SSL on and off to test. It will ask me to change my password because of the new SSL setup - that works fine but once it's done, I can no longer login under SSL. Again, no error, just an immediate return to the login screen.

    I can confirm SSL cert is working properly and that my files are accessed through the same paths in either http or https. My SSL cert was created with the www. prefix and is valid.

    I've tried this on different browsers and different machines, along with a clean Windows Server virtual machine (it's what I had available). I've clear cookies & cache as needed.

    From my reading, it does appear to be possibly be some kind of session issues. The session ID is getting appended to my URL after I make my admin login attempt and then I'm brought immediately back to the login screen. The sessions are showing up in the database as well.

    Although I do have it set to use "db" for STORE_SESSIONS, I did make sure the cache path is CHMOD'ed 777.

    As soon as I disable SSL, the site works again - letting me login to the admin CP.

    Is there any other advice anyone can provide? It's really baffling me.

    Thanks!
    What about settings in the database such as Sessions under the configuration dropdown? Have you tried implementing SSL only for the store side (not the admin side) and verified that it works without issue? (Access the login page after turning store side SSL on.) It could also be something in the php.ini file. I've seen this issue before, experienced it before, but am drawing a blank on what exactly could fix it.

    You said that in both configure.php files that the paths were updated, am I correct that at least in the admin's configure.php file you set both the http and https constants to your https URI as well as changed the "use SSL" setting to true?
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  3. #3
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,401
    Plugin Contributions
    87

    Default Re: Admin login loop after enabling SSL - v151

    Who is your web-hosting company?

  4. #4
    Join Date
    Feb 2006
    Posts
    8
    Plugin Contributions
    0

    Default Re: Admin login loop after enabling SSL - v151

    Thanks for the responses.

    Just to add some info, the site is hosted at 1and1.com. When SSL is turned on the store side of things works perfectly. It switches to SSL when it's supposed to and I can successfully login and place an order all under SSL. I can also login and check order history. I do notice that when logging in securely on the store side, there is no session info added to the URL. As I said in my first post, when I do get that loop after trying to login on the Admin side, there is a session number appended to the URL.

    I feel like I've tried various combination of session settings - are there any specific recommendations to try?

    Thanks again!

  5. #5
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,401
    Plugin Contributions
    87

    Default Re: Admin login loop after enabling SSL - v151

    Are you using their shared SSL or a dedicated SSL certificate?

  6. #6
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,401
    Plugin Contributions
    87

    Default Re: Admin login loop after enabling SSL - v151

    Quote Originally Posted by lat9 View Post
    Are you using their shared SSL or a dedicated SSL certificate?
    If you're using their shared SSL, this post might help: http://www.zen-cart.com/showthread.p...30#post1185530

  7. #7
    Join Date
    Feb 2006
    Posts
    8
    Plugin Contributions
    0

    Default Re: Admin login loop after enabling SSL - v151

    Thanks again but no it's my own dedicated certificate with the www.* prefix, so it all matched properly.

    But I will check that out and see if there's anything there to try, I'll post my results.

  8. #8
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,401
    Plugin Contributions
    87

    Default Re: Admin login loop after enabling SSL - v151

    Hmm, I've got two other 1and1 sites that use a dedicated SSL certificate (store-side and admin) with no issues. Have you changed any of the Configuration->Session values from their defaults? If you could post the contents of the top portion of your admin's configure.php there might be something that "stands out". Here's what one of mine looks like:
    Code:
    /**
     * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
     * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
     */
      define('HTTP_SERVER', 'https://mysite.com');
      define('HTTPS_SERVER', 'https://mysite.com');
      define('HTTP_CATALOG_SERVER', 'http://mysite.com');
      define('HTTPS_CATALOG_SERVER', 'https://mysite.com');
    
      // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
      define('ENABLE_SSL_ADMIN', 'true');
    
      // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
      define('ENABLE_SSL_CATALOG', 'true');
    
    // NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
    // * DIR_WS_* = Webserver directories (virtual/URL)
      // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
      $t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];
    
      define('DIR_WS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p1) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
      define('DIR_WS_CATALOG', '/');
      define('DIR_WS_HTTPS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p2) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
      define('DIR_WS_HTTPS_CATALOG', '/');
    This site doesn't use the www. prefix, so that prefix value is not present in any of the https:// URLs.

  9. #9
    Join Date
    Feb 2006
    Posts
    8
    Plugin Contributions
    0

    Default Re: Admin login loop after enabling SSL - v151

    Thanks for everything, using info in one of the forum links above, I found this:

    define('CUSTOM_COOKIE_PATH', 'MY ADMIN PATH');

    Added it with the correct path to the admin configure.php and everything just started working. The cookies started getting created and the session id was no longer appended to the URL.

    Thanks again to all - hope this helps others with similar issue.

  10. #10
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: Admin login loop after enabling SSL - v151

    Quote Originally Posted by michaeltw View Post
    Thanks for everything, using info in one of the forum links above, I found this:

    define('CUSTOM_COOKIE_PATH', 'MY ADMIN PATH');

    Added it with the correct path to the admin configure.php and everything just started working. The cookies started getting created and the session id was no longer appended to the URL.

    Thanks again to all - hope this helps others with similar issue.
    Still sounds like it might be something in the php.ini file related to cookies. Obviously works with the above, and maybe this site will only use ZC, but if another application is installed that uses cookies/sessions, then the problem will still exist. Fyi, when saying that the session I'd was not added to the end, you mean that after the first time that it is appended it no longer appears. Correct?
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 3
    Last Post: 22 Jul 2010, 06:11 PM
  2. Admin Login Issues After Enabling SSL
    By Symbah in forum Basic Configuration
    Replies: 0
    Last Post: 24 Nov 2009, 07:41 AM
  3. Replies: 0
    Last Post: 26 Aug 2009, 11:18 AM
  4. After enabling SSL, text size in sideboxcontent and login box are different from CSS?
    By Echtlicht in forum Templates, Stylesheets, Page Layout
    Replies: 3
    Last Post: 6 Apr 2009, 06:05 PM
  5. Customers cannot login after enabling SSL
    By Crimson_Wake in forum Basic Configuration
    Replies: 2
    Last Post: 29 Oct 2008, 01:59 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR