Reputation: 1152
I'm getting the dreaded "token mismatch" error on my phpMyAdmin. My install lives in a vagrant/ansible box so it is a clean system.
If I have auth_type set to "cookie" I simply stay on the login page and if I set it to "http" I get the "token mismatch" error.
phpMyAdmin config.inc.php:
$cfg['blowfish_secret'] = '123'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$i = 0;
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http'; // or cookie
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
Nginx config:
server
{
    listen 80 default;
    server_name dev.company.local _;
    root /var/www/sites/dev.company.local;
    access_log /var/log/nginx/dev.company.local-access.log combined;
    error_log /var/log/nginx/dev.company.local-error.log notice;
    index index.html index.php;
    include fastcgi_portal.conf;
    location /phpmyadmin/(.*) {
        alias /usr/share/phpMyAdmin;
    }
}
I won't post my php.ini here as it is such a huge file, but few options are configured.
Things I've already checked:
session.gc_maxlifetime = 1440
session.save_path = /var/lib/php/session (set to 777, also tried /tmp)
I found bug reports like https://sourceforge.net/p/phpmyadmin/bugs/3893/ but for me it does not seem to be fixed :)
Other info:
CentOS release 6.7 (Final)
nginx version: nginx/1.0.15
PHP 5.6.22 (fpm-fcgi) (built: May 26 2016 15:45:15)
I've tried the current phpMyAdmin version (4.6.2), the previous version (4.6.1) and the long-term version (4.4.15.6), all the same.
Any help would be great!
Upvotes: 1
Views: 1456
Reputation: 11
I got exactly the same problem as you describe after security hardening of my Apache. In my case it turned out to be the following that broke phpMyAdmin:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
After commenting it out and restarting httpd everything worked again.
Supposedly the above header setting is meant to mitigate most of the common Cross Site Scripting attacks using the HttpOnly and Secure flags in a cookie, but it looks like the PMA developers have not fully considered this scenario.
Upvotes: 1
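One way the `Header edit` rule in the answer above can produce this symptom, as an added example that is not part of the answer or of phpMyAdmin: a cookie carrying `Secure` is not sent back over plain HTTP, so each request starts a new session and the token stored in the old one cannot match. It assumes the site is reached over `http://`, as with the question's `listen 80`; the cookie value and URLs are constructed, Python's `http.cookiejar` stands in for the browser, and `conditional_harden` is a hypothetical alternative.

```python
import email
import re
import urllib.request
from http.cookiejar import CookieJar

# Constructed sample: cookie name, value and URLs are made up for illustration.
ORIGINAL = "phpMyAdmin=abc123; path=/phpmyadmin/; HttpOnly"
HTTP_URL = "http://dev.company.local/phpmyadmin/index.php"
HTTPS_URL = "https://dev.company.local/phpmyadmin/index.php"

def apache_header_edit(value):
    """Emulate: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure"""
    return re.sub(r"^(.*)$", r"\1;HttpOnly;Secure", value, count=1)

def conditional_harden(value, scheme):
    """Hypothetical alternative: add each flag once, Secure only on HTTPS."""
    attrs = {a.strip().lower() for a in value.split(";")[1:]}
    if "httponly" not in attrs:
        value += "; HttpOnly"
    if scheme == "https" and "secure" not in attrs:
        value += "; Secure"
    return value

class FakeResponse:
    """Minimal response object accepted by CookieJar.extract_cookies()."""
    def __init__(self, set_cookie):
        self._msg = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):
        return self._msg

def cookie_returned(set_cookie, url):
    """True if a client that got set_cookie from url sends it back to url."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(url))
    follow_up = urllib.request.Request(url)
    jar.add_cookie_header(follow_up)  # applies the Secure/path/domain rules
    return follow_up.has_header("Cookie")

if __name__ == "__main__":
    for label, header, url in [
        ("unmodified, http", ORIGINAL, HTTP_URL),
        ("Header edit, http", apache_header_edit(ORIGINAL), HTTP_URL),
        ("Header edit, https", apache_header_edit(ORIGINAL), HTTPS_URL),
        ("conditional, http", conditional_harden(ORIGINAL, "http"), HTTP_URL),
    ]:
        print(f"{label:20} cookie sent back: {cookie_returned(header, url)}")
```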
Reputation: 10091
Assuming you are using Docker in Vagrant, then it's most likely caused by https://github.com/phpmyadmin/docker/issues/32.
It can be fixed by simply pulling a newer version of the container :-).
Upvotes: 1