If you have a Magento installation where you are unable to login as an administrator, because you are redirected to the same login page, or you want to get rid of the “invalid form key. please refresh the page” error.

You need to:

  • Check if you are typing correct username and password.
  • Change your backend admin user password (
  • Double check that path web/cookie/cookie_domain within your core_config_data table is accurate with your domain.
  • Review on your core_config_data table, the values of secure and unsecure urls.
  • Check that var and var/session folders have the corresponding permissions.
  • Change the session save value on the local.xml to => <session_save><![CDATA[files]]></session_save>


Then, if you performed the previous steps, no error is shown and you are still having the issue, but you see the error message when you type an incorrect user/pass, you need to try the following workaround:

  • Open file app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
  • Take a look between lines 80 and 83
  • Comment your code after the comma on $this->getCookie()->getPath()//,
  • Your code should look like this:
  • Try to log into backend again, if it works, remember that modifying core files is ALWAYS a BAD PRACTICE. So you will need to create an extension to rewrite this file.Regardless this quick fix, it should be better to find out the real reason of the problem, and fix it up.In the following link, you will find different reasons behind the problem that it would be helpful to follow up: