Author Topic: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist (Read 738 times)

Ali Arslan · « **on:** June 19, 2025, 04:22:47 AM »

Hi Community,

I’m experiencing a persistent issue with AbanteCart v1.4.1 on a live deployment. After submitting the login form, the user is redirected to the expected account/account URL, but then immediately redirected back to the login page without any error message.

Observed Behavior:
Login form submits via POST to account/login with valid credentials.

The response returns 302 Found to account/account (as expected).

Then the browser is redirected again with 302 back to login page.

Final status is 200 OK on the login page – but the user is never authenticated.

No errors appear in AbanteCart logs or server logs.

The customer cookie is issued after login, but gets immediately deleted in the next request.

abolabo · « **Reply #1 on:** June 19, 2025, 04:38:14 AM »

please check this sql-request of upgrade script.
https://github.com/abantecart/abantecart-src/blob/1.4.1/public_html/install/abantecart_database_upgrade.sql#L87

Be sure table customer_sessions presents in the database

Ali Arslan · « **Reply #2 on:** June 19, 2025, 04:47:51 AM »

The table already exists in the database. I'm attaching a screenshot of the customer_session fields. Is the table structure okay?

abolabo · « **Reply #3 on:** June 19, 2025, 06:55:50 AM »

yes, structure is correct.

Do you have some old incompatible extensions installed? Can you try disable them?

Ali Arslan · « **Reply #4 on:** June 19, 2025, 07:22:46 AM »

Thank you for the suggestion.

We’ve checked our extensions and we’ve already switched back to the default extension (replacing the existing one). However, the issue still persists the login completes, but the redirection loops back to the login page instead of proceeding to the account dashboard.

My Observation on this issue !

During the login process, we observed the following behavior:

Credential Submission:
When valid login credentials are submitted via the login form, a POST request is initiated to the login route.

Initial Response

Unexpected Session Deletion:
Upon redirection to the /account page, the server immediately deletes the customer session cookie, as seen in the response headers. This results in the authenticated session being dropped unexpectedly.

Second Redirection (Loop Back to Login):
Because the session is no longer valid, the system interprets the user as unauthenticated and redirects them back to the login page. This creates a loop, preventing access to the account area even with valid credentials.

abolabo · « **Reply #5 on:** June 19, 2025, 09:57:30 AM »

Quote from: Ali Arslan on June 19, 2025, 07:22:46 AM

However, the issue still persists the login completes, but the redirection loops back to the login page instead of proceeding to the account dashboard.

one of such unexpected deleting of session can be 3d-party login extensions.
Try to uninstall them completely if presents.

AromeCity · « **Reply #6 on:** June 19, 2025, 10:56:50 AM »

Ali works for me.

We have not used any third-party logins.

You can check yourself at www.AromeCity.com/shop

Ali Arslan · « **Reply #7 on:** June 23, 2025, 05:27:27 AM »

I had previously posted regarding the persistent login loop issue in AbanteCart v1.4.1 on my live store. I received some suggestions (thanks to the contributors!) and have now tried several of those recommendations, but unfortunately, the problem still persists.

What I've Tried So Far:
Checked Session Creation
Session is successfully created after login (verified in debug logs and $_SESSION array).
customer_id, zone_id, etc. are set correctly.

Secure Cookie Handling
Set a secure, HTTP-only customer cookie using setcookie() inside ControllerPagesAccountLogin.
Cookie is visible in browser, path and domain are correct.

Session Loss After Redirection
On next request after login, session appears to be reset user is redirected back to login.
We checked .htaccess, index.php, and ensured no session reset is triggered in code.

But after redirection to account/account, session seems wiped.

abolabo · « **Reply #8 on:** June 23, 2025, 06:56:02 AM »

Quote from: Ali Arslan on June 23, 2025, 05:27:27 AM

But after redirection to account/account, session seems wiped.

You can play with controllers to exclude extensions effect at all.
Just open controller pages/account/account and comment two rows with hooks call
i mean lines with
//$this->extensions->UpdateData();
and
//$this->extensions->InitData();

After that no one extension hooks will run. And you will be sure problem in the server configuration or in php-code.

Just add two slashes // before call.

News:

Author Topic: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist (Read 738 times)

Ali Arslan

Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist

abolabo

Re: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist

Ali Arslan

Re: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist

abolabo

Re: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist

Ali Arslan

Re: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist

abolabo

Re: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist

AromeCity

Re: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist

Ali Arslan

Re: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist

abolabo

Re: Login Redirect Loop After POST on AbanteCart v1.4.1 – Session/Cookie Not Persist