Possible fix for sudden redirect loop at wp-login with reauth=1

  • Resolved mengsel

    (@mengsel)


    8 years, 11 months ago

    Hi there, just wanted to share the solution to my grand frustration of the night. I had two websites running perfectly fine until one day I had to log in and take a peek at them again and update WP, when I encountered an obscure error…

    Upon logging in with correct credentials (I double checked first by resetting it, then manually changing it in PhpMyAdmin) I kept getting bounced back to the wp-login screen. The URL was each time appended as https://mysite/wp-login.php?redirect_to=http%3A%2F%2Fmysite%2Fwp-admin%2F&reauth=1. So I started mucking about the forums and googling fixes.

    Here are all the things that I tried, but in my case, did not work:

    • Clearing my cache, logging in in Incognito-mode, user other browsers, etc.
    • Disabling all plugins by renaming the wp-content/plugins folder
    • Disabling all themes except twentysomething
    • Doing a complete re-upload of everything WP except wp-config.php and especially re-uploading wp-login.php
    • Wiping the .htaccess file (Thank god I made a backup)
    • Checking my database if it exceeded the allowed size (Mind you this has been a fix for several cases I encountered so make sure to check that!)
    • Adding code to wp-login.php to re-specify my site URL, or, doing the same manually in PhpMyAdmin to wp_options under ‘home’ and ‘siteurl’ (Mind you this can be a fix if you’re using a different URL for your WP install than your server configuration, so that it bounces between https://www.yoursite and https://yoursite)

    So then, like the hilarious amateur I am, I came to the enlightened idea of perhaps checking the debugger out!

    TIP: when things hit the fan, churn on that debugger and amaze at the amount of useful information it provides you!

    Now the debugger gave me two pieces of info I could use:

    1. An error stating MySQL server has gone away followed by something about usermeta, meta_value and a gigantic string of information it apparently tried and failed to write into the database
    2. Several errors regarding Cannot modify header information – headers already sent

    Because I suspected the errors came in in the right order, just like that, I finally discovered the problem: the database. It looked like a session token was being written into the database, but because it was gigantic, the database timed out, making WordPress fling me back to the login page again.

    My Fix

    1. Go into PhpMyAdmin to your WordPress database
    2. Find the table named wp_usermeta
    3. Find the rows titled session_token
    4. Delete the value associated with it
    5. (Mind you the value is huge and your browser might freak out. I did it by clicking ‘edit’ for that record first, then toggling the null value for the field on and off, selecting the empty field and pressing delete a couple of times to make sure, and then hit save)

    And there you have it. A possible solution to that incessant and infuriating redirect loop problem that occurs when your database and WordPress stop playing together correctly. I’ve seen a lot of frustrated users in the forums with similar issues, so I hope this post will be of use to you. Good luck.

Viewing 9 replies - 16 through 24 (of 24 total)

  • Hi mengsel,
    after reviewing session_token, found some values stored i.e.

    a:4:{s:64:”ad4c3ee7e5ad25587bcc115be220de3b44bd273385ba9e6c2ebc97bdb6f22f79″;a:4:{s:10:”expiration”;i:1480711562;s:2:”ip”;s:12:”210.7.22.121″;s:2:”ua”;s:108:”Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36″;s:5:”login”;i:1480538762;}s:64:”9b60abc8ab29444ba83f8b2571bb0bd526ad588ec4b12cc8870278faa4beb3f8″;a:4:

    should i delete ALL the associated values and is there any DB/ website effects after this is deleted? this is new to me and i do appreciate the guide you’ve given so far.

    Gus

    Thread Starter mengsel

    (@mengsel)

    @ponipate Hi! Yeah, I reckon you could delete the entire entry. From what I understand, the session_token meta entries are harmless, they just help remember authenticated users.

    I have this problem as well, and deleting the session does work, but it seems to reoccur after the session expires. I’m guessing something is having a hard time writing to the value, but I dont know what it is.

    Any suggestions on tracking it down?

    i have a error message saying “UPDATE wp_usermeta SET meta_value = ” WHERE wp_usermeta.umeta_id = 211″

    @luisomontano…I’m using Azure server. Would this be a viable option for me??

    Thank you sweet baby Jesus. OP’s solution worked.

    OMG, THANK YOUUUUUUU !!!!!

    I’ve been struggling for hours to find wth is wrong with this loop url.
    But, when i see this post i was like “hmm” then i try what you suggested then WALLA, here you go. I finally found this f**king wp admin url.

    So again, Thank you for your post. Its enlightened me ??

    Hello, I would like to contribute to the community and also since this problem was very annoying. Non of the solution worked for me. I did not install any plugins before it happened so definitely I think it is a WordPress bug!

    My exact errors:
    Via WP debugger. After login screen came white screen with this error.

    Fatal error: Class 'PasswordHash' not found in /var/www/public_html/bg-news.net/wp-includes/pluggable.php on line 2079

    Via apache error log.

    PHP Fatal error: Class 'PasswordHash' not found in /var/www/public_html/example.net/wp-includes/pluggable.php on line 2138, referer: https://example.net/wp-login.php?redirect_to=http%3A%2F%2Fexample.net%2Fwp-admin%2F&reauth=1

    How I did solve the problem.
    1. In DB I edited my admin password to plain text password.
    2. Added these lines of code to pluggable.php. Basically now WP recognizes non hashed passwords.
    Here is the edited extracts of pluggable.php

    ` function wp_check_password($password, $hash, $user_id = ”) {
    <——>global $wp_hasher;

    <——>//20170713 Added by Stefan
    <——>$check=($hash==$password);
    <——>return apply_filters(‘check_password’, $check, $password, $hash, $user_id);`

    … and a bit lower

    `function wp_set_password( $password, $user_id ) {
    <——>global $wpdb;

    <——>//$hash = wp_hash_password( $password );
    <——>//20170713 Changed by Stefan
    <——>$hash=$password;`

    Hope this helps someone, because googling did not help me.

    JS

    (@itanjillc)

    I ran into this issue today…the looping login can also happen when you run out of disk space and the database can not write to the database during authentication.

Viewing 9 replies - 16 through 24 (of 24 total)
  • The topic ‘Possible fix for sudden redirect loop at wp-login with reauth=1’ is closed to new replies.