Login Fails: Admin dashboard (No Errors) on HTTPS Site

[W2me92]

hi .. Unable to log into ProcessWire admin dashboard. After submitting valid credentials, the URL changes to /dashboard, but the login form reloads without errors. The system throws:
ProcessLogin: This request was aborted because it appears to be forged.

Observed Behavior:

No error messages (e.g., "wrong password").

CSRF token validation failure (request appears forged).

Login form reloads instead of redirecting.

Environment Details:

PHP Version: 8.2

Server: plesk with custom .htaccess.

Key Configurations Checked:config.php:
$config->sessionCookieSecure = true;  
$config->sessionCookieDomain = '.alfalgroup.com';  
$config->protectCSRF = true;  
$config->debug = true;  
.htaccess:

Custom rules overriding session/cookie security.

Headers unsetting cookies (Header unset Set-Cookie).

PHP directives forcing insecure cookies (session.cookie_secure 0).

Steps Taken So Far:

Cleared sessions/caches (site/assets/sessions/, site/assets/caches/).

Updated .htaccess to enforce HTTPS and remove conflicting directives.

Verified file permissions (755 for directories, 644 for files).

Temporarily disabled CSRF protection ($config->protectCSRF = false), but issue persists.

how fix please

[zoeck]

Looks like the same problem 🙂 

 

Add this to the config.php file:

$config->sessionFingerprint = 12;

 

[KG60]

1 minute ago, zoeck said:

Looks like the same problem 🙂 

 

Add this to the config.php file:

$config->sessionFingerprint = 12;

 

If that doesn't work, try $config ->sessionFingerprint = false;