Issue with login, keeps redirecting unless cookies are cleared


I am creating this thread with regards to an issue that several users in our journal have been emailing about and we have investigated. We are currently using OJS on our journal.

The issue:

  1. The user logs in, while choosing “Keep me logged in”.
  2. Logs out soon enough
  3. Logs in again with the same option chosen “Keep me logged in”.
  4. Somehow two versions of cookies are created (not always).
  5. Once there are two versions of the cookies and the user tries to login again, it keeps redirecting to the login page over and over again (fixes on its own after some time/after several login attempts).

We have set a custom “session_cookie_name” and “session_check_ip” is off.

The issue is totally related to cookies, however my explanation might not be be fully accurate in depicting how to cookie issue is actually happening. Technical individuals might understand better.

If the user clears all the cookies for the website, they are able to login without a problem.

Can you please share a fix for this so that no manual intervention would be required?

Best Regards.

Not sure if this is relevant, but sharing it anyways.

Hi @Jaimin,

Try changing the session cookie name back to the default and see what happens:

session_cookie_name = OJSSID

Best regards,

Hi @jnoronha,

Thanks for your reply.

Same results are produced after changing it to the defaults, additionally not only does it redirect to the same login page a few times. Once logged in, after clicking the logout button from the panel, it will redirect to the dashboard again a few times until the logout finally works.

Best Regards,

@Jaimin, another possibility is that you’re affected by a bug which was fixed in OJS 3.4 (not released yet), see Unable to login when there's many session cookies · Issue #8544 · pkp/pkp-lib · GitHub.

Basically if you access the journal through, then use a subdomain, like, it will generate this issue.

You’ve got to ensure your journal listens on a fixed domain. Or redirect to the right one before it reaches the OJS code.

Jonas Raoni

Hi @jonasraoni,

Thanks for your reply, I tried to replicate the issue that you described and that seems to be the best explanation for this.

Please let me know if this is a good enough temporary resort to this issue until the upgrade is out:

RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]

Simple addition to the .htaccess file.

Best Regards,

I’m not going to test your redirect, but yeah, that’s the way to go :slight_smile:

Jonas Raoni

This topic was automatically closed after 6 days. New replies are no longer allowed.