Magento sign in not working: 5 Ways to decide what to do next

3 fool-proof cases you can come up with the issue are:

  • Magento admin sign in not working: having entered your username and password, but still unable to login to Magento admin without error or any other message in Magento access logs;
  • Magento customer/frontend sign in not working: the sign in form won’t work for Chrome (any other browser), as a result, you are redirected to the frontend sign in page without any warning;
  • Magento checkout sign in not working: the customer sign in on the checkout page won’t work, whereas the sign in does well everywhere else on the website.

First off, check out whether the issue is your hang-up: enter incorrect sign in and password to see there is an error message:

 magento sign in not working 

 

invalid username magento admin

 

Are valid credentials beside the point? Read on. 

What needs to be done to make Magento sign in work:

The commonest reason for the problem is that the cookie params being set by the Magento backend on your browser are absent or have never been installed.

You need to learn why the cookie’s missing

#1 Check cookie expiration

Having been set, the cookie’s instantly expiring. To check it start with the cookies your browser contains and if there’s one from Magento. 

setcookie (
"CookieName",
"CookieValue",
time (+ (10* 365* 24* 60* 60)
) ;

 

The local time could have been set incorrectly. You can check backend settings made by your admin users in Magento admin logs (when installed).  This being so, the both timezones applied by Magento should be reviewed. The cookie specification can be set to expire in 10+ years. 

See also: How to  set up cookie in Magento 2: cookie domain, path, lifetime →

#2 Shift to the localhost interface

Being set to run locally the Apache webserver may be accessed through the localhost (hostname). Thus, the cookie won’t be set due to security configs of the browser. Stop using localhost, but run the localhost interface instead. You need either to shift the base url_values in core_config_data table or to look at your interface configuration. Then delete your contents and reload the page. 

#3 Prove the cookie domain matches the server’s

Go to the core_config_data table via the SQL command and renew it to a less secure -> empty string or a safer -> actual domain: 

System-> Configuration-> Web -> Session Cookie Management

#4 Confirm ‘getBlockHtml’ is there

‘Formkeys’ or getBlockHtml is used for protecting Magento against XSS attacks. It’s saved in the session data and validated during the submission to the server.

<?php echo $this->getBlockHtml (‘formkey’) ; ?>

If something is wrong about it the action won’t be completed.   

#5 Review app\code\core\Mage\Core\Model\Session\Abstract\Varien.php

 Other team developers could have customized app\code\core\Mage\Core\Model\Session\Abstract\Varien.php:

/* to solve login issue */
/*if (!$cookieParams[ 'httponly']) {
unset (!$cookieParams[ 'httponly']);
if (!$cookieParams[ 'secure']) {
unset (!$cookieParams [ 'secure']);
if (!$cookieParams[ 'domain']) {
unset (!$cookieParams[ 'domain']);
}
}
}
if (isset ($cookieParams ['domain'])) {
$cookieParams ['domain'] = $cookie->getDomain();*/ //I have commented these lines

 

Thus, bugs tracking and sign in work could have been affected. 

The bottom line

Now you know full well the issue can arise at different levels: admin/customer/checkout sign in is not working. Commonly, the problem stems from incorrectly set cookie params:

  • cookie expiration
  • the localhost access to Apache webserver;
  • cookie domain doesn’t match with the server’s one;
  • ‘formkey’ is missing;
  • app\code\core\Mage\Core\Model\Session\Abstract\Varien.php is customized by other developers.

Having cast about for all the potential causes and applied the needed one for your Magento, check if the user is signed in, which means one of the active solutions worked.

How can we help you?

Didn’t you find the answer to your question? We are always happy to help you out.