Users can' t login at https store because of double frontend cookie
I have a magento version 1.9.2.4
installation with multiple store views with different urls. One new store view is now running with https in secure and unsecure base url. At this store many customers can't login, because there are two "frontend" cookies being set. One with the domain .domain.de, which is configured in the backend, and one with .www.domain.de. It's only that store with the ssl configuration, the other stores are running fine.
I read a lot of threads, but no one could help me out. My cookie configuration looks like the following:
Default Session Cookie Management
- Cookie Lifetime: 86400
- Cookie Path: /
- Cookie Domain:
- Use HTTP Only: Yes
Default Session Validation Settings
- Everything is set to "No"
Store view Session Cookie Management
- Cookie Domain: .domain.de
Are there any settings for stores running completely under https or is there anything else I can do?
Thanks in advance!
magento-1.9 cookie https
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I have a magento version 1.9.2.4
installation with multiple store views with different urls. One new store view is now running with https in secure and unsecure base url. At this store many customers can't login, because there are two "frontend" cookies being set. One with the domain .domain.de, which is configured in the backend, and one with .www.domain.de. It's only that store with the ssl configuration, the other stores are running fine.
I read a lot of threads, but no one could help me out. My cookie configuration looks like the following:
Default Session Cookie Management
- Cookie Lifetime: 86400
- Cookie Path: /
- Cookie Domain:
- Use HTTP Only: Yes
Default Session Validation Settings
- Everything is set to "No"
Store view Session Cookie Management
- Cookie Domain: .domain.de
Are there any settings for stores running completely under https or is there anything else I can do?
Thanks in advance!
magento-1.9 cookie https
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
do you have n98-magerun.phar installed? Can you execute thisn98-magerun.phar config:get web/
and share it on the chat. Then change your actual domain to dummy domain so you can keep it anonymous.
– Ner
Nov 27 '17 at 8:20
No I don't have installed this
– Dominik Barann
Nov 27 '17 at 13:02
add a comment |
I have a magento version 1.9.2.4
installation with multiple store views with different urls. One new store view is now running with https in secure and unsecure base url. At this store many customers can't login, because there are two "frontend" cookies being set. One with the domain .domain.de, which is configured in the backend, and one with .www.domain.de. It's only that store with the ssl configuration, the other stores are running fine.
I read a lot of threads, but no one could help me out. My cookie configuration looks like the following:
Default Session Cookie Management
- Cookie Lifetime: 86400
- Cookie Path: /
- Cookie Domain:
- Use HTTP Only: Yes
Default Session Validation Settings
- Everything is set to "No"
Store view Session Cookie Management
- Cookie Domain: .domain.de
Are there any settings for stores running completely under https or is there anything else I can do?
Thanks in advance!
magento-1.9 cookie https
I have a magento version 1.9.2.4
installation with multiple store views with different urls. One new store view is now running with https in secure and unsecure base url. At this store many customers can't login, because there are two "frontend" cookies being set. One with the domain .domain.de, which is configured in the backend, and one with .www.domain.de. It's only that store with the ssl configuration, the other stores are running fine.
I read a lot of threads, but no one could help me out. My cookie configuration looks like the following:
Default Session Cookie Management
- Cookie Lifetime: 86400
- Cookie Path: /
- Cookie Domain:
- Use HTTP Only: Yes
Default Session Validation Settings
- Everything is set to "No"
Store view Session Cookie Management
- Cookie Domain: .domain.de
Are there any settings for stores running completely under https or is there anything else I can do?
Thanks in advance!
magento-1.9 cookie https
magento-1.9 cookie https
edited Nov 4 '16 at 10:41
Ashish Jagnani
4,49621952
4,49621952
asked Nov 4 '16 at 10:20
Dominik BarannDominik Barann
1861513
1861513
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
do you have n98-magerun.phar installed? Can you execute thisn98-magerun.phar config:get web/
and share it on the chat. Then change your actual domain to dummy domain so you can keep it anonymous.
– Ner
Nov 27 '17 at 8:20
No I don't have installed this
– Dominik Barann
Nov 27 '17 at 13:02
add a comment |
do you have n98-magerun.phar installed? Can you execute thisn98-magerun.phar config:get web/
and share it on the chat. Then change your actual domain to dummy domain so you can keep it anonymous.
– Ner
Nov 27 '17 at 8:20
No I don't have installed this
– Dominik Barann
Nov 27 '17 at 13:02
do you have n98-magerun.phar installed? Can you execute this
n98-magerun.phar config:get web/
and share it on the chat. Then change your actual domain to dummy domain so you can keep it anonymous.– Ner
Nov 27 '17 at 8:20
do you have n98-magerun.phar installed? Can you execute this
n98-magerun.phar config:get web/
and share it on the chat. Then change your actual domain to dummy domain so you can keep it anonymous.– Ner
Nov 27 '17 at 8:20
No I don't have installed this
– Dominik Barann
Nov 27 '17 at 13:02
No I don't have installed this
– Dominik Barann
Nov 27 '17 at 13:02
add a comment |
4 Answers
4
active
oldest
votes
Try to remove the Dot (.) in the cookie domain. Please note that subdomains will no longer receive the cookies, however, Magento doesn't make usage of Subdomains by default (except you've changed that).
This has helped me to login again. If you cannot login into the backend, you can do that manually by moving to your database and set the flag in the core_config_data
table
1
Hi Max, I added the dot because I need the cookie at my subdomains
– Dominik Barann
Nov 4 '16 at 12:31
add a comment |
You have to configure the subdomain for each of your store views. In case you have the following baseUrl setup:
- http://de.example.com
- http://en.example.com
- https://it.example.com
Your Cookie Domains should be exactly the same as so:
- de.example.com
- en.example.com
- it.example.com
The problem is, that i have to run the same store view under different domains. So i can't configure it like that
– Dominik Barann
Nov 22 '17 at 9:38
And the URLs have to be the same? Aren't redirects possible?
– David Lambauer
Nov 23 '17 at 6:24
No, the urls are different, but I only have one store view to configure a cookie domain. So I can't set a cookie domain for each subdomain.
– Dominik Barann
Nov 23 '17 at 16:03
add a comment |
Firstly you must have a same Cookie Domain and for share cookies between http and https you have to do a server configuration
see https://stackoverflow.com/questions/2163828/reading-cookies-via-https-that-were-set-using-http
add a comment |
I've worked on a few Magento sites with this issue. If any of the 'easy' configuration changes based fixes don't work, an alternate solution is to forcefully clear both frontend cookies on the login page.
The javascript to clear cookie by name 'frontend' would be easy enough something like this would work https://stackoverflow.com/questions/10593013/delete-cookie-by-name
Hmm, seems to be a solution, but I don't like it so much ;-)
– Dominik Barann
Nov 23 '17 at 16:04
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "479"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f144168%2fusers-can-t-login-at-https-store-because-of-double-frontend-cookie%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
Try to remove the Dot (.) in the cookie domain. Please note that subdomains will no longer receive the cookies, however, Magento doesn't make usage of Subdomains by default (except you've changed that).
This has helped me to login again. If you cannot login into the backend, you can do that manually by moving to your database and set the flag in the core_config_data
table
1
Hi Max, I added the dot because I need the cookie at my subdomains
– Dominik Barann
Nov 4 '16 at 12:31
add a comment |
Try to remove the Dot (.) in the cookie domain. Please note that subdomains will no longer receive the cookies, however, Magento doesn't make usage of Subdomains by default (except you've changed that).
This has helped me to login again. If you cannot login into the backend, you can do that manually by moving to your database and set the flag in the core_config_data
table
1
Hi Max, I added the dot because I need the cookie at my subdomains
– Dominik Barann
Nov 4 '16 at 12:31
add a comment |
Try to remove the Dot (.) in the cookie domain. Please note that subdomains will no longer receive the cookies, however, Magento doesn't make usage of Subdomains by default (except you've changed that).
This has helped me to login again. If you cannot login into the backend, you can do that manually by moving to your database and set the flag in the core_config_data
table
Try to remove the Dot (.) in the cookie domain. Please note that subdomains will no longer receive the cookies, however, Magento doesn't make usage of Subdomains by default (except you've changed that).
This has helped me to login again. If you cannot login into the backend, you can do that manually by moving to your database and set the flag in the core_config_data
table
answered Nov 4 '16 at 11:00
MaxMax
89321944
89321944
1
Hi Max, I added the dot because I need the cookie at my subdomains
– Dominik Barann
Nov 4 '16 at 12:31
add a comment |
1
Hi Max, I added the dot because I need the cookie at my subdomains
– Dominik Barann
Nov 4 '16 at 12:31
1
1
Hi Max, I added the dot because I need the cookie at my subdomains
– Dominik Barann
Nov 4 '16 at 12:31
Hi Max, I added the dot because I need the cookie at my subdomains
– Dominik Barann
Nov 4 '16 at 12:31
add a comment |
You have to configure the subdomain for each of your store views. In case you have the following baseUrl setup:
- http://de.example.com
- http://en.example.com
- https://it.example.com
Your Cookie Domains should be exactly the same as so:
- de.example.com
- en.example.com
- it.example.com
The problem is, that i have to run the same store view under different domains. So i can't configure it like that
– Dominik Barann
Nov 22 '17 at 9:38
And the URLs have to be the same? Aren't redirects possible?
– David Lambauer
Nov 23 '17 at 6:24
No, the urls are different, but I only have one store view to configure a cookie domain. So I can't set a cookie domain for each subdomain.
– Dominik Barann
Nov 23 '17 at 16:03
add a comment |
You have to configure the subdomain for each of your store views. In case you have the following baseUrl setup:
- http://de.example.com
- http://en.example.com
- https://it.example.com
Your Cookie Domains should be exactly the same as so:
- de.example.com
- en.example.com
- it.example.com
The problem is, that i have to run the same store view under different domains. So i can't configure it like that
– Dominik Barann
Nov 22 '17 at 9:38
And the URLs have to be the same? Aren't redirects possible?
– David Lambauer
Nov 23 '17 at 6:24
No, the urls are different, but I only have one store view to configure a cookie domain. So I can't set a cookie domain for each subdomain.
– Dominik Barann
Nov 23 '17 at 16:03
add a comment |
You have to configure the subdomain for each of your store views. In case you have the following baseUrl setup:
- http://de.example.com
- http://en.example.com
- https://it.example.com
Your Cookie Domains should be exactly the same as so:
- de.example.com
- en.example.com
- it.example.com
You have to configure the subdomain for each of your store views. In case you have the following baseUrl setup:
- http://de.example.com
- http://en.example.com
- https://it.example.com
Your Cookie Domains should be exactly the same as so:
- de.example.com
- en.example.com
- it.example.com
answered Nov 21 '17 at 15:40
David LambauerDavid Lambauer
638416
638416
The problem is, that i have to run the same store view under different domains. So i can't configure it like that
– Dominik Barann
Nov 22 '17 at 9:38
And the URLs have to be the same? Aren't redirects possible?
– David Lambauer
Nov 23 '17 at 6:24
No, the urls are different, but I only have one store view to configure a cookie domain. So I can't set a cookie domain for each subdomain.
– Dominik Barann
Nov 23 '17 at 16:03
add a comment |
The problem is, that i have to run the same store view under different domains. So i can't configure it like that
– Dominik Barann
Nov 22 '17 at 9:38
And the URLs have to be the same? Aren't redirects possible?
– David Lambauer
Nov 23 '17 at 6:24
No, the urls are different, but I only have one store view to configure a cookie domain. So I can't set a cookie domain for each subdomain.
– Dominik Barann
Nov 23 '17 at 16:03
The problem is, that i have to run the same store view under different domains. So i can't configure it like that
– Dominik Barann
Nov 22 '17 at 9:38
The problem is, that i have to run the same store view under different domains. So i can't configure it like that
– Dominik Barann
Nov 22 '17 at 9:38
And the URLs have to be the same? Aren't redirects possible?
– David Lambauer
Nov 23 '17 at 6:24
And the URLs have to be the same? Aren't redirects possible?
– David Lambauer
Nov 23 '17 at 6:24
No, the urls are different, but I only have one store view to configure a cookie domain. So I can't set a cookie domain for each subdomain.
– Dominik Barann
Nov 23 '17 at 16:03
No, the urls are different, but I only have one store view to configure a cookie domain. So I can't set a cookie domain for each subdomain.
– Dominik Barann
Nov 23 '17 at 16:03
add a comment |
Firstly you must have a same Cookie Domain and for share cookies between http and https you have to do a server configuration
see https://stackoverflow.com/questions/2163828/reading-cookies-via-https-that-were-set-using-http
add a comment |
Firstly you must have a same Cookie Domain and for share cookies between http and https you have to do a server configuration
see https://stackoverflow.com/questions/2163828/reading-cookies-via-https-that-were-set-using-http
add a comment |
Firstly you must have a same Cookie Domain and for share cookies between http and https you have to do a server configuration
see https://stackoverflow.com/questions/2163828/reading-cookies-via-https-that-were-set-using-http
Firstly you must have a same Cookie Domain and for share cookies between http and https you have to do a server configuration
see https://stackoverflow.com/questions/2163828/reading-cookies-via-https-that-were-set-using-http
answered Nov 22 '17 at 21:22
Mohamed El MrabetMohamed El Mrabet
783517
783517
add a comment |
add a comment |
I've worked on a few Magento sites with this issue. If any of the 'easy' configuration changes based fixes don't work, an alternate solution is to forcefully clear both frontend cookies on the login page.
The javascript to clear cookie by name 'frontend' would be easy enough something like this would work https://stackoverflow.com/questions/10593013/delete-cookie-by-name
Hmm, seems to be a solution, but I don't like it so much ;-)
– Dominik Barann
Nov 23 '17 at 16:04
add a comment |
I've worked on a few Magento sites with this issue. If any of the 'easy' configuration changes based fixes don't work, an alternate solution is to forcefully clear both frontend cookies on the login page.
The javascript to clear cookie by name 'frontend' would be easy enough something like this would work https://stackoverflow.com/questions/10593013/delete-cookie-by-name
Hmm, seems to be a solution, but I don't like it so much ;-)
– Dominik Barann
Nov 23 '17 at 16:04
add a comment |
I've worked on a few Magento sites with this issue. If any of the 'easy' configuration changes based fixes don't work, an alternate solution is to forcefully clear both frontend cookies on the login page.
The javascript to clear cookie by name 'frontend' would be easy enough something like this would work https://stackoverflow.com/questions/10593013/delete-cookie-by-name
I've worked on a few Magento sites with this issue. If any of the 'easy' configuration changes based fixes don't work, an alternate solution is to forcefully clear both frontend cookies on the login page.
The javascript to clear cookie by name 'frontend' would be easy enough something like this would work https://stackoverflow.com/questions/10593013/delete-cookie-by-name
answered Nov 23 '17 at 12:30
bjornredemptionbjornredemption
7112
7112
Hmm, seems to be a solution, but I don't like it so much ;-)
– Dominik Barann
Nov 23 '17 at 16:04
add a comment |
Hmm, seems to be a solution, but I don't like it so much ;-)
– Dominik Barann
Nov 23 '17 at 16:04
Hmm, seems to be a solution, but I don't like it so much ;-)
– Dominik Barann
Nov 23 '17 at 16:04
Hmm, seems to be a solution, but I don't like it so much ;-)
– Dominik Barann
Nov 23 '17 at 16:04
add a comment |
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f144168%2fusers-can-t-login-at-https-store-because-of-double-frontend-cookie%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
do you have n98-magerun.phar installed? Can you execute this
n98-magerun.phar config:get web/
and share it on the chat. Then change your actual domain to dummy domain so you can keep it anonymous.– Ner
Nov 27 '17 at 8:20
No I don't have installed this
– Dominik Barann
Nov 27 '17 at 13:02