Recent Topics

Either you have not enabled cookies or this login window has expired"

Started by on Mar 13, 2013 – Contents updated: Jun 11, 2013

Mar 13, 2013 18:18    

Well, here we go again folks. This issue seems to be a hassle for multiple persons for many years at this point. Also, for most people, it seems to present itself suddenly, with no conscious changes having been made by some of the blog "victims". (I have started a new topic because the last such post was from 2011 and I don't want to be "buried" in someone else's post that everyone might think has been resolved. Also, the issue that is causing my error might be different than the other posts, because trying the previous posted "solutions" did not help me.)

In my case, for my blog, the only changes recently made (aside for a new blog post Feb 16, 2013) were some settings in an attempt to eliminate SPAM: I reduced number of links that could be put into a comment to 1 and then I prohibited any links in comments by changing the maximum links to zero. (And, BTW, the "karma" thing is not stopping the posting of comments with a link...though that's a separate issue.)

As with others, I have tried the various suggestions I have found in the forum going back to 2008 or before: Changed "instance" name; rebooted; tried different browsers & computers; increased the "timeout" setting' verified that base URL and URL syntax in the config file was correct (this blog IS a subdomain of nowfind. us & if I change the base URL from what it is, the CSS is not found. Previously, it worked fine with exactly the current base URL setting.).

Please help! This is a serious enough error to cause someone to abandon B2Evolution...If one cannot post to, or administrate a blog...what good is it?

I have changed the debug setting so that I could obtain the debug display. It is shown below. I would be happy to provide administrative login information to a forum "geek" if that is necessary in order to solve this problem. In other words...HELP!!!!!!!!!

Mar 13, 2013 20:46

This very much looks like a discrepancy between the domain you use to connect and the $baseurl.

Please see:

The debug info is designed for developers, not for tech support. The contents of it may change from version to version dependign on what is currently being worked on. You should NOT share your debug info with the world. It may contain confidential passwords.

In your case you want to look at $baseurl $cookie_domain and $cookie_path as well as the URL of your browser at that moment and the referer URL. There is probably a discrepancy between those.

Mar 15, 2013 22:29

I don't see that there is confidential info, but I also do not see how I can delete the debug info. Can you do it and leave the rest of the post???

Mar 15, 2013 23:58

While I have a subdomain for my blog,, I just went into my control panel and set it so that someone going to is redirected to which is the actual baseurl from a folder standpoint. And, I changed the baseurl to be the same as the redirect. And, I still get the same error.

This is too crazy Francois. People setting up a blog should not have to be programmers or script-writers or developers. My blog worked just fine and all I changed recently was to tell the blog to reject comments with any links in them. That's all...though that did no good anyway. People are still posting spam with links.

If you wonder why people prefer WordPress to b2eveolution, it might be that this kind of spontaneous error doesn't happen with WP.

HELP!!! I have never changed the $cookie_domain and $cookie_path at all. Why should this error have begun to occur? I would gladly give you administrative rights if you want to look at my files. I cannot keep being denied access to my blog! Thanks, in advance, for any further assistance you can provide!

Mar 16, 2013 03:47

OK maybe my first guess about you having a discrzpancy between $baseurl and your login url is wrong but I really don't think that error arrived spontaneously.

But... you should really watch this twice: there is no such thing as a "baseurl from a folder standpoint". There is only ONE base url which is THE CANONICAL URL at which your b2evolution can be accessed with a web browser.

Just to be clear, if your browsers displays when you are on the login page (which it seems to be right now), then you should have


$baesurl '';

Can you confirm that?

Now if that is correct and you haven't changed anything, and especially anything related to the URL you use to log in, then maybe you have installed or updated a cookie blocker, or maybe you have a security suite that has updated or a firewall that has updates or maybe even a browser update which now has a stronger rule regarding cookies. What browser are your using? OS? security software? what kind of internet connection (office / home ?)

Your message is "Either you have not enabled cookies or this login window has expired" which indicate that when you submit the login form, b2evolution is not receiving the cookies that it tried to set when displaying the login form.

Now, when I go to your login page and enter any random login/password, I don't get any such error. All I get is "Wrong login/password."... which is normal of course because I don't have your password.

What do you get if you enter faulty credential? If you don't get "Wrong login/password." then your browser is behaving differently than mine and you should definitely look at what's going on between your computer and the server.

Can anyone else try to login on @olen's site?

Mar 23, 2013 23:43


Base URL is

When I log with correct credentials, I get: "Either you have not enabled cookies or this login window has expired"

When I log in with incorrect credentials, I get: "Wrong login/password"

The girl who actually write this blog, "paupergirl" herself, has the same exact behavior when she tries to log in.

I have uploaded _base_config.php again, just to make sure it is correct.

It does not matter what browser I use, IE or Firefox and I also tried logging in from a laptop which uses Opera. Same behavior.

Cookies are enable. Operating system is Windows XP but Paupergirl herself uses Vista. Same behavior. Other sites that try to retrieve cookies from me do not have a problem. I use Avant anti-virus & ZoneAlarm firewall, but there are no issues with those programs and ANY other website. And, they have not been updated since B2evolution was working correctly.

As you can see, this is not confined to one user or one computer.

If you provide an email address, I am, I would be happy to give you an administrator login. You are welcome to look around! I am at a loss here and I must get this going within the next few days.

Another possibility, since I am at 3.3.3 (?) is to upgrade to 4.1.6 The problem is that I am concerned with changes I had made after the initial install. Most were to the Evocamp skin, I believe, but possibly to other files either automatically or manually. In any event, I sure do not want to start from 0 even if the database itself is not affect. (Though I prefer B2E over WordPress, this is one way that WP is better than B2E. No matter how drastic are changes in WP upgrades, anyone can do the WP upgrade almost automatically.)

Mar 31, 2013 23:52

Note: if you rename your evocamp skin to "paupergirlskin", you can continue to use it without problems after any upgrade.

Now if you modified the core, it's a different story.

If you want automatic upgrade, we do have that feature in v4 actually.

Apr 01, 2013 13:51

I would not have modified the core unless specifically instructed to do so. I am not proficient with PHP to such a degree that I would try to modify it on my own initiative.

You say version 4 has auto-upgrade built in. Does that upgrade from version 3.3.3 to 4.x.x ? When I looked at the upgrade instructions for 3.3.3 to 4.x.x they did not look automatic to me! It seems that major upgrades were not automatic.

Predominantly what was modified in the evocamp skin was the css, background and top images.

Apr 01, 2013 18:42

The auto upgrade feature has been added in v4, so as long as you don't have v4 you can't use the auto upgrade feature. Makes sense, doesn't it?

Anyways, manual upgrade is no big deal.

Apr 07, 2013 16:23

This really is totally frustrating, Francois! You don't like CAPTCHA, because it makes it hard for people to log in, but you have this issue with the cookies that can make it impossible for admins to log in, and it has been causing headaches for years!

I took your suggestions and upgraded from 3.x.x to the current 4.x.x stable version and WHOOPIE! not I don't get that error...Now I get Incorrect crumb received. It's really time to come up with a security protocol that doesn't have this shortcoming, potential for error!

I have also posted a new topic under the "Incorrect crumb received" title in this forum.

I've made no changes to the upgrade install except the basic config file and the database automatic database update completed successfully.

I have posted the basic config file with the" actual subdomain as base URL and also as "" actual blog files location as base URL and the error is identical. And, I have cleared caches, deleted cookies, etc. No difference. Same error.

What now???

Apr 07, 2013 17:15

I have sent you an email a while ago to get credentials to test your site myself. You haven't replied.

Note: the incorrect crumb problem is EXACTLY the same as the login problem: your cookies are configured incorrectly.

Apr 23, 2013 09:34

I was looking for something else & saw this topic/thread so I decided to add in my own experience. This same exact error happened to me when I installed 4.1.5 and I made one change in the Admin settings: that change was the "Session Timeout" in "Global Settings" & on the tab "General".

I had installed b2evo brand new using Xampp for Windows on my own computer to experiment and practice and learn. All was working wonderfully well, page after page of looking at this and changing this-or-that, even doing some dummy/test posts, and doing things with skins and some changes to CSS files.

But then, at that particular setting of "Session Timeout", it fell down and went boom. Immediately after changing that setting to a much shorter time period than the default and clicking on "Save" at the bottom of the page and clicking on the next link/thing that I wanted to click on, that error displayed of the login window expired or cookies not being enabled. And so, because that error comes up and nothing can be done because of that error, the only thing that could be done was to go through the Install procedure in selecting the option of "Starting Anew" which does a complete reset of the database (although it's possible that exporting first, then doing the reset, then importing the exported data would work). Since I was just experimenting that didn't bother me so much...otherwise it'd be a huge bummer.

I tried different variations of changing that setting to try to figure out what minimum amount of time would be allowed before that error would happen, but I stopped after the 3rd try because of how much of a hassle it is. If this same bug still exists when I make an actual live blog site, then I will take whatever time is needed for however many install-and-reset times are needed to get that figured out because I believe it's important that it can be set lots lower than the default time of 7 days (I want it to be no more than 1 hour). So for now, I leave that option alone and avoid it like the plague because it's a danger poison setting that will smash things.

Here's my guess for why this happened to you: you were upgrading from a previous version that apparently accepts whatever Session Timeout you want. Along comes 4.1.5 or whatever version you upgraded to and so now you have that set to a shorter period of time than what this bug will allow. Crash kaboom. This is my guess for what happened. If I am correct, my suggestion is export your database tables and then reset your b2evo database and then import what you exported before. I've used PhpMyAdmin to look and look some more, to find out where that Session Timeout setting is stored, but I haven't found it at all so I'm hoping I'm overlooking something very simple.

May 03, 2013 17:17

Elscham...Nope! The error did not occur as a result of any attempted upgrade, and I did not modify that timeout setting. No changes to the site, in fact, were except to delete spam comments. Some were done within the B2Evolution site itself. Then, after getting tired of deleting one spam after another, one at a time...I went to the data base and deleted spam from the right table. NO other changes were made to any other data or tables. And, I was able to log in after that. I cannot see that anything that I did, in any way, corrupted the tables. Sorry...I don't see that any of this is my fault and the only other person with admin rights would never attempt any changes to anything. She just posts the blogs themselves and responds to comments with her own.


May 20, 2013 00:15

Note: Olen I replied to your email a long time ago and still haven't gotten an answer.

May 23, 2013 21:09

I had previously given you credentials to access paupergirl as an administrator, but I assume you were shut out just as I am.

I have responded to your email again...this time with administrative credentials for the whole site. You can log right into c-panel from

The previous paupergirl credentials, which I included again, should allow access to the database: bvlt1


Jun 10, 2013 17:57


Please see my post from May 23, and check your personal email from about the same time. I sent you the credentials for paupergirl, both the blog and the C-Panel & database...which should allow you to rummage around wherever you like. Paupergirl has be useless for more than 4 months and the repeated implication is that I did something to create the problem with accessing the site...when it is obvious that this is a flaw with B2Rvolution...and has been for years and years. Please help!

Form is loading...

b2evolution CMS – This forum is powered by b2evolution CMS, a complete engine for your website.