Guides & TutorialsTroubleshooting SimpleTroubleshooting Login Problems

Troubleshooting Login Problems


If when entering login details you are redirected back to the login screen without any error, this indicates an issue with PHP sessions on your server.

This can be confirmed by checking Remember Me on the login page:

Remember Me checkbox

If you are logged in with this option checked, it confirms there is a problem with PHP sessions. 

This may also manifest as an Invalid csrf protection token error message.

Common things to check for include:

  • The configured session tmp path not being writable.
  • The configured session tmp path being full.
  • A misconfiguration of proxy or CDN in front of your webserver

This is a PHP or environment configuration-level issue. Shared or reseller users will require the assistance of their hosting providers.

PHP Session

WHMCS will identify the common causes of PHP session problems and display them at Configuration > System Health.

For more information, see PHP Session Support.


If you cannot access your WHMCS Admin to view this page:

  1. Upload sessiontest.php to your server's web-root.
  2. Visit it in your browser.
  3. Every time you refresh the page, the number should increase 1,2,3,4 etc...
  4. A message will also be displayed to confirm that your server's PHP File-Based session storage location is writable.

If the number stays at 1 on your server, or a warning is displayed that the PHP Session Path is not writable , this means there is a problem with the PHP sessions configuration.

You will need to contact your server admin/hosting provider to investigate and resolve this misconfiguration.

Proxy or CDN

If your webserver is behind a proxy, load-balancer or CDN, a misconfiguration could be causing the session problem.

Refer to the Trusted Proxy Settings documentation for guidance configuring WHMCS for use with proxies, load-balancers and CDNs.


Disable Session IP Checks

As a security measure, WHMCS evaluates a visitor's IP address against the expected value. This can be disabled temporarily:

  1. Navigate to Configuration > System Settings > General Settings > Security tab
  2. Check the Disable Session IP Check option
  3. Click Save Changes


If you cannot access your WHMCS Admin to view this page, run this query against the WHMCS database, using a tool such as phpmyadmin:

UPDATE `tblconfiguration` SET `value` = 'on' WHERE `setting` = 'DisableSessionIPCheck';

Switch to Database Session Storage

Database session data is stored in flat files at the location defined by the PHP configuration. Storing session data in a MySQL database is desirable in some environment configurations and can workaround problems with file storage.

Refer to Sessions Documentation page for more information and instructions.