Jump to content

AdminCP Sessions / infinite login loop

Recommended Posts

Hello, I seem to be encountering issues when logging into my community's admin control panel.
This issue is intermittent and I'm not entirely certain what could be causing it. Sometimes I have to log in 4-5 times to the AdminCP before it will log me in.

The issue seems to be because of the ref= query parameter containing the adsess= parameter when accessed. I think a way to replicate it is to:
1. log into the admin CP and navigate to some portion of the adminCP (for example users)
2. Browse the community and click the AdminCP button (this creates a new admin session)
3. Go back to the first tab that had the original admin session and try to perform an action. This brings you back to the login screen with the adsess= encoded into the ref= parameter for the login screen. You'll then have to log in several times before you're able to finally go through and properly log in without issue.
4. Closing those tabs and attempting to re-open a new AdminCP session from the community's dropdown sometimes also becomes bricked in that process and ends up in that login loop.

I am running Invision Community v4.4.10 with PHP-fpm 7.2 behind nginx

Is there anything I could reconfigure on my end, whether it be IPS/nginx/PHP configuration to get around this?

I understand the need for administrative sessions being separate from user sessions, but I feel there are better alternatives to avoid CSRF/XSS and the likes nowadays.
I'm usually all over the place and having to keep track of which tab is the up to date one can become a little tedious. Not to mention if I have been working on editing something in the admin panel and I accidentally open a new session without having saved my changes, those changes are now forever lost.


I initially opened a support ticket but was referred to this forum instead.

Link to comment
Share on other sites

  • 2 months later...

I realize this is most likely NOT your issue, but just putting here in case it helps someone else.

After logging out of my site, I saved the login page as my favorite not realizing the url was NOT https://site.com/login   As a result I had issues, and ended up figuring it out myself and I updated the bookmark to not have the extra string after it. 

I was trippin' cuz its not unusual for me to have multiple sessions open in firefox and chrome on multiple screens. 


Link to comment
Share on other sites

  • 2 weeks later...
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...