Unable to log in without clearing cookies. OJS3


My users are unable to log in after some visits to the website. I happens to me too. After I clear the cookies I am able to log in, then after some time, the same happens again, log in just returns me to login page without any message. After I clear the cookies, I can log in.

Thanks for the help.

I second that. Firefox or Chrome don’t make a difference, nor does the OS. I already tweaked the IP address check in config.inc but that did not help much.
Can someone reproduce that?

I’m running OJS

Did anyone ever fix this issue? Users and I are running into the same problem on

@pmangahis Can you help? This is really messing with my submissions because people are becoming frustrated and giving up. Apologies for the tone of desperation. :slight_smile:

I turned the session_check_ip = Off
In addition, have put a message at login web page: https://www.bjbms.org/ojs/index.php/bjbms/login

I don’t know if the session check IP resolved the problem, because the users now see the warning message and probably clear the cookies when they want to log in. I receive much less requests for help after I did these two.

Let us know if you find better solution.
Best regards,

I also had the same issue and perhaps solved with the help of our web hosting company. Few days ago I had installed self signed SSL certificate that was the main cause of problem. Our web hosting company replaced it with another. They also put some code to the .htaccess file. Now I don’t have such problem.


Hi @blmirza,

Great. This may be a solution.
Could you please ask your hosting company to share some details what they did with SSL and .htaccess, so we can finally resolve this issue for our community?

Thank you!

Dear Faruk greetings.
They advised as shown below;
Add the following code to the top of your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9] … .cpaneldcv$
RewriteCond %{REQUEST_URI} !^/.well-known/pki-validation/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

They also replaced self signed certificate with “DV certificate”
They also protected website with immunify 360

Please contact your web administer before doing such changes, I am not an expert, please be careful and get an advice from your web hosting admin for making any change.
I am not getting any complain and also I my self am able to log in without clearing cache or browsing data.
Before this solution I had following observations;

  1. There was not an issue of login on microsoft Internet explorer/ Edge
  2. Similarly in chrome incognito mode, the login was always successful
    So you can advise your users to these solutions in the meantime.

Best Regards

Did you get any success?


Thank you, @BJBMS! In another thread I also found a suggestion to change the name of the session in the PHP, so in addition to session_check_ip = Off, I did that. I haven’t had the issue and haven’t received any more complaints from users since then, but I’m going to put the warning up at log-in as you have, just in case!

1 Like

Thanks @Amelia!
How do I change the session name in PHP?

Hi @blmirza,

Didn’t have time to contact them. I will let you know as soon as I get any information.

Best regards,