After Reboot, Good Login Shows Only Login Screen

bsmither

I had to power-cycle the pfSense box.

The console did not give any errors (except maybe squid3).

At a workstation, I request the login page and submit the user/pass. I am shown the login screen again.

The console screen shows that the user has successfully logged in.

This may or may not have any contributing info:
https://forum.pfsense.org/index.php?topic=100338.0

This box was operating fine before the referenced activity.

I think this could not be a case of user/pass failing a hashing algorithm – all characters are lower-case USA alphabet -- as the console screen says success and the login screen does not hint at a failed attempt.

Restarting the WebConfigurator (option 11 on console) does not fix it. Restart php-fpm (option 16) does not fix it.

bsmither

More info:

Warm-booted the box (option 5) and requested the webconfigurator. Got the login page.

Intentionally entered a wrong user/pass. Got back the login page with the added phrase, "Username or Password incorrect".

Entered the correct user/pass and still was given the same login page – with the added phrase still present.

Console has a line that says a login failed, followed by a line that says login succeeded.

doktornotor

Which pfSense version? ???

bsmither

More info:

Just finished Upgrading from console (option 13) to v2.2.4.

No change. The console says a login was successful, but I get the login page again.

doktornotor

You just finished upgrading from what version? Everything before 2.2.4 was plagued with /etc filesystem corruption issue, screwing up /etc/group among others. Are we talking about admin user here, or some other account you configured manually? If the first, why don't you use Reset webConfigurator password in console? If the second, delete the user and re-create it?

bsmither

This is the default user/admin created on initial install – uses the default user/pass.

Worked before the aforementioned reboot.

The console says login was successful. DOES IT LIE?

The login page does not say wrong user/pass. DOES IT LIE?

No other user created.

Sure, I'll try resetting the password.

bsmither

No change.

doktornotor

If that doesn't work, perhaps you could try from a different browser, different computer altogether.

bsmither

Frak!

Composed a superlative response only to have timed out the session and lost it all!

It was the cookies.

(Frakkin' forums.)

bsmither

Let me try to get this in.

Using a second (instance/profile of the same brand) browser, I asked for the pfsense page and was given the login page. However, this page is using a different theme.

Comparing the cookies between the two browsers, I find that the first browser has three cookies named PHPSESSID with different 'host' values. Deleting the two obviously wrong same-named cookies got me past the login page.

On the first browser, I logged in and was given the dashboard page of the theme I always used.

On the second browser, a different theme is shown, yet the General Setup, Theme choice is 'pfsense_ng' in both browsers.

Edit: Changing the selection of the theme does not change the theme displayed.
Edit2: Correction - the theme changes on the first browser when a selection is made, but not on the second when a selection is made.

So, I think the browser was sending too many cookies or the wrong cookie.

Suggest that pfSense use a cookie with a name unique unto itself, instead of the common/default PHPSESSID.