Can't login to Magento admin

I have magento installed in a subdirectory. www.domain.com/subdir/magento

This site worked perfectly at one point. I changed nothing, until my client said he couldn't login to magento admin.

I logged in just fine from my computer, but on his computer it just redirected back to the magento admin login without an error message and a url that looked goofy like this:

http://domain.com/subdir/magento/index.php/admin/index/index/key/3097210b826ac4a86d7531cb4089c9d0/

I thought that his cookies were being blocked, but that was not the case.

My magento settings were secure/unsecure baseurl: http://domain.com/subdir/magento/

web cookie path: (blank)
web cookie domain: (blank)

After clearing out var/cache, I found that I myself could not login to the admin either, with the same exact issue.

I tried the following settings without luck:

path: /
domain: domain.com

path: /subdir/magento
domain: vigrond.com

I also tried commenting out those lines in Varien.php, but that had no effect either.

My server account is a VPS and it has plenty of free space.

So I'm pretty much lost, wondering why this happened in the first place when it worked before (didn't change anything), and why it's so complicated?

Any help appreciated


If a login error message ("invalid password", etc.) isn't being displayed it's almost always a session cookie problem. In order to rule it our entirely, use Use your browser's cookie viewer and/or your favorite HTTP traffic sniffer and check

  1. That all the cookies have proper expiration dates after being set

  2. That the session cookie has a consistent token name/value for each request

  3. That PHP, when running through Magento, has the various session lifetime ini settings at a reasonable value

  4. That PHP can write to whatever it's using as a cookie storage medium

  5. That the server's time matches the real time, and that PHP itself has a timezone set


Find app/code/core/Mage/Core/Model/Session/Abstract/Varien.php. in your Magento install folder. Comment out the lines (see below) 80 to 83. The line number may vary.

    // set session cookie params
    session_set_cookie_params(
        $this->getCookie()->getLifetime(),
        $this->getCookie()->getPath()//,
        //dependes which versin of mage you are using, you may comment these as well
        //$this->getCookie()->getDomain(),
        //$this->getCookie()->isSecure(),
        //$this->getCookie()->getHttponly()
    );

This is caching issue. Which recently Magento community confirmed that is sorted but it is not. :)

Just clear your cache and do this steps it should work anyway.

Comment this lines also

//        if (!$cookieParams['httponly']) {
//            unset($cookieParams['httponly']);
//            if (!$cookieParams['secure']) {
//                unset($cookieParams['secure']);
//                if (!$cookieParams['domain']) {
//                    unset($cookieParams['domain']);
//                }
//            }
//        }
//
//        if (isset($cookieParams['domain'])) {
//            $cookieParams['domain'] = $cookie->getDomain();
//        }
  • Make sure you have cookies enabled in your browser, try a number of different browsers including Safari or Opera. Chrome will give some problems and you need to remember to clear you cache in Chrome after making changes!

  • Make sure you file permissions are set to EVERYONE - FULL CONTROL for Windows and 777 for your Mac/Linux environment If all that still doesn’t work you can try this: (I do not recommend this solution for a production version of Magento, but for you local test enviroment this will work.)

  • Check the version of php you are using. If you are using recent Magento try to find which version of PHP and extensions requires.

More details


Did you erase the session storage in var directory?

In my case, when I was playing with autorization for multistore on subdomains (changed path and domain for cookie as you did), this method helped me to drop the "bad" cookie and sucessfuly logined in admin:

In apppath/var/session directory I've made command in shell (be careful with path, this could delete all the files in the directory)

rm -rf /path/to/magento/var/session/*

And then just clean the cookie for domain in browser.