Login fails silently, seems to be a session problem

Hi! I hope you can help me out with this


I had a working 3.03-pl MODX manager, but I cleared my cookies while logged in. Now I am unable to log in again. When I use the log in page nothing happens, it simply reloads. This behavior seems similar to these other open topics on this site: Upgrade issues can not login and After upgrade from 3.0.1 to 3.0.2 manager not works

Debug Attempts

I have cleared the core/cache with ftp and my core/cache/logs/error.log says:

(ERROR @ ...core/src/Revolution/modUser.php : 393) PHP warning: session_regenerate_id(): Session ID cannot be regenerated when there is no active session
(ERROR @ .../core/src/Revolution/modManagerRequest.php : 107) PHP warning: Undefined variable $_SESSION

I have also emptied my modx_session table and noticed that modx_active_users is empty while modx_manager_log is recording every login as if it were successful. My session_handler_class is set to MODX\Revolution\modSessionHandler

I have tried from different browsers and private/incognito windows. The browser console returns no errors, and no cookies/sessions
Screen Shot 2023-04-21 at 04.04.07

What should I try next?


Apache 2.4, PHP 8.0, MariaDB 10.3, Firefox 112.

You could try setting session_handler_class to blank, to use ‘standard PHP session management’.
There are also other settings (starting with session_cookie_...) that you could try changing.

Always clear the cache (core/cache) after changing a system setting in the database.

Thank you for your suggestions! I tried using the PHP session handler by setting session_handler_class to blank and got a similar error in the PHP error log about $_SESSION being undefined from line 11 of /index.php

I also tried different session_cookie system settings, always clearing the cache, with both PHP and MODX session handlers to no avail. These were session_cookie_httponly, session_cookie_secure, session_cookie_domain, and session_cookie_path

When I found session_enabled I recalled that I had experimented with contexts, and deleted the 3 test contexts I had made from mod_access_context and mod_context (none had mod_context_settings). I also made sure that the default_context was web.

However, none of this changed the problem. This glitch fascinates me, but I might just start from a fresh install because I can’t make any progress with it.

This probably means that the PHP function session_start either doesn’t get called at all or is not successful.

  • Is the system setting anonymous_sessions set to true?
  • When you call session_start(); in a test PHP file, does that work?

Interesting! I wrote and executed a script that called session_start() without issue. Then I tried logging in, and it worked! This made me terribly suspicious, so I tried logging out again, which recreated the problem.

In other words, you seem to be correct that session_start is either not being called or failing when MODX calls it.

anonymous_sessions was set to 0 (false) so I changed it to 1 and cleared the cache. Doing this fixed the log in issues, and I can imagine why. I can now log in and logout and even clear my cookies without this issue recurring.

However, I expect that breaking login is an unintended consequence of turning off anonymous sessions. Shouldn’t the login page still generate a session? I prefer to have sessions off for the main site.

Thinking that this might be a bug, I tested on a clean install (at the same host) and it created the same log in issue. As far as I can tell, the only thing necessary to create this problem is changing the system setting anonymous_sessions to No.

While this might be a bug with anonymous_sessions or unique to my host, my particular issue has definitely been solved :confetti_ball: Thank you @halftrainedharry for your succinct and prompt troubleshooting assistance!

For anyone with the same issue: As a workaround to keep session cookies off the main site I set session_enabled to No for the web context which worked nicely, setting anonymous_sessions to No for web worked as well. I found the workaround on this closed issue from modx 2.5.

These were the issues that resembled my problem, both closed:

1 Like

I was able to recreate the issue as well. I think it’s a bug, as the behavior in MODX 2.x is different.
I opened an issue on Github:


This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.