This only applies to doing development on a local machine, not production sites. Base URLs on production sites should be set properly, so none of this will apply. But you are testing functionality or running a local Magento install, read on.
Today I was setting up a base Magento install with sample data and ran into a problem that happens quite a bit when setting Magento on a local server or development sandbox.
Basically, you start by downloading the code or doing a subversion check out to /var/www/ or /home/username/foo. You’ve got virtual hosting set up with AllowOverride ALL, so the .htaccess in the Magento directory will be honored.You go through the Magento installation wizard, everything goes peachy, you go to the admin backend, type in your admin username and password, and hit “Login”.
Instead of successfully logging in, you are presented with the login screen again. But there are no errors. Nothing that says invalid username or password. But you get a URL that looks like you have been authenticated:
WTF?!?
If you are like me, you are probably expecting to run Magento at something like http://localhost/magento. The problem is when Magento goes to create the session for localhost (or 127.0.0.1), it barfs since localhost isn’t a real domain.
There are a bunch of possible solutions. The ugly ones involve modifying core Magento code. For example, one common solution is to remove or comment out out lines where the cookies are being created, like lines 76-101 in app/code/core/Mage/Core/Model/Session/Abstract/Varien.php:
$cookieParams = array(
'lifetime' => $cookie->getLifetime(),
'path' => $cookie->getPath(),
'domain' => $cookie->getConfigDomain(),
'secure' => $cookie->isSecure(),
'httponly' => $cookie->getHttponly()
);
if (!$cookieParams['httponly']) {
unset($cookieParams['httponly']);
if (!$cookieParams['secure']) {
unset($cookieParams['secure']);
if (!$cookieParams['domain']) {
unset($cookieParams['domain']);
}
}
}
if (isset($cookieParams['domain'])) {
$cookieParams['domain'] = $cookie->getDomain();
}
call_user_func_array('session_set_cookie_params', $cookieParams);
The problem with this is its maintenance hell. When upgrading Magento, I don’t want to have to remember to make sure this bit of code doesn’t get wiped out locally when merging. Or that I don’t check this code into a git or subversion repository that will be used to pull code down to production servers.
A better solution? While not exactly elegant, it will cause less pain in the future: add another domain to /etc/hosts for 127.0.0.1. Do something like this:
Then go to http://my.sandbox/index.php/admin and watch it all work like magic.
