Troubleshooting Login Problems
Introduction
If, when entering login details, the system redirects you to the login page without an error, this indicates an issue with PHP sessions on your server.
You can confirm this by checking Remember Me on the login page:
If you are logged in and checked this option, it confirms there is a problem with PHP sessions.
This may also manifest as an Invalid csrf protection token
error message.
Common things to check for include:
- The configured session
tmp
path not being writable. - The configured session
tmp
path being full. - A misconfiguration of the proxy or CDN in front of your web server.
This is a PHP or environment configuration-level issue. Shared or reseller users will require the assistance of their hosting providers.
PHP Session
WHMCS will identify the common causes of PHP session problems and display them at Configuration > System Health.
For more information, see PHP Session Support.
If you cannot access the WHMCS Admin Area:
- Upload
sessiontest.php
(below) to your server's web root. - Visit it in your browser.
- Every time you refresh the page, the number should increase (for example,
1
,2
,3
,4
). - A message will also display to confirm that your server's PHP file-based session storage location is writable.
- Every time you refresh the page, the number should increase (for example,
If the number stays at 1
on your server or a warning states that the PHP session path is not writable , there is a problem with the PHP sessions configuration.
You will need to contact your server administrator or hosting provider to investigate and resolve this misconfiguration.
Proxy or CDN
If your server is behind a proxy, load-balancer, or CDN, a misconfiguration could be causing the session problem.
For help configuring WHMCS for use with proxies, load-balances, and CDNs, see Trusted Proxy Settings.
Workarounds
Disable Session IP Checks
As a security measure, WHMCS evaluates a visitor's IP address against the expected value.
To disable this temporarily:
- Go to the Security tab at Configuration > System Settings > General Settings.
- Check Disable Session IP Check.
- Click Save Changes.
If you cannot access the WHMCS Admin Area to view this page, run the following query against the WHMCS database using a tool like phpMyAdmin:
UPDATE `tblconfiguration` SET `value` = 'on' WHERE `setting` = 'DisableSessionIPCheck';
Switch to Database Session Storage
The system stores database session data in flat files at the location in the PHP configuration. Storing session data in a MySQL® database is desirable in some environment configurations and can assist with problems with file storage.
For more information, see Sessions Documentation.