Login Redirect Loops
Problem
When you attempt to log in, the system redirects you back to the login page without an error.
This issue may also cause an Invalid csrf protection token
error message.
- For other occurrences of redirect loops, see Redirect Loops.
- If the system is forcing frequent logouts, see Frequent Logouts.
Cause
This indicates an issue with PHP sessions on your server.
Troubleshooting
You can confirm this by checking Remember Me on the login page and then attempting to log in again. If this allows you to log in successfully, it confirms that there is a problem with PHP sessions.
Admin Area
To find PHP misconfiguration issues, go to Configuration () > System Health.
Session Test
If you cannot access the WHMCS Admin Area:
- Upload the
test_sessions.php
file to your server. - Visit the file in your browser and note any errors or warnings.
- Refresh the page.
- Every time you refresh the page, the number should increase (for example, from
1
to2
and then from2
to3
). - A message will also display to confirm that your server’s PHP file-based session storage location is writable.
- Every time you refresh the page, the number should increase (for example, from
The expected result from the test_sessions.php
file in a correctly-configured cPanel server environment is:
Array ( [count] => 1 )
PHP session.save_path /var/cpanel/php/sessions/ea-php81 is writable
If the number stays at 1
on your server or a warning states that the PHP session path is not writable , there is a problem with the PHP sessions configuration.
Solution
If you find a PHP misconfiguration issue, work with your system administrator or hosting provider to adjust your PHP configuration. Common things to check for include:
- The configured session
tmp
path not being writable. - The configured session
tmp
path being full.
Workarounds
Disable Session IP Checks
As a security measure, WHMCS evaluates a visitor’s IP address against the expected value.
To disable this temporarily:
- Go to the Security tab at Configuration () > System Settings > General Settings.
- Check Disable Session IP Check.
- Click Save Changes.
If you cannot access the WHMCS Admin Area to view this page, run the following query against the WHMCS database using a tool like phpMyAdmin:
UPDATE `tblconfiguration` SET `value` = 'on' WHERE `setting` = 'DisableSessionIPCheck';
Switch to Database Session Storage
WHMCS can store login session data in the MySQL® database instead of on the filesystem. Switching to database session storage can work around such limitations.
Last modified: October 9, 2024