WHMCS Troubleshooting: The Admin Login "Refresh Loop"

1. Symptoms

When attempting to log in to the WHMCS Admin dashboard, the page continuously refreshes and returns to the login screen.

  • No red "Invalid Username or Password" error is displayed.

  • Password resets have no effect.

  • Bypassing Captcha or disabling Two-Factor Authentication (2FA) does not resolve the issue.

2. The Root Cause

This behavior occurs when WHMCS successfully verifies the login credentials but the server fails to write the PHP Session file. If the session isn't saved, the server instantly forgets the login status upon the next page load, kicking the user back to the login screen.

The most common causes for this are:

  1. Missing Directory: The directory specified in the server's session.save_path PHP variable does not exist (e.g., after a PHP version upgrade like moving to ea-php83).

  2. Incorrect Permissions: The session directory exists but lacks the correct write permissions.

  3. Full Disk Space: The server or hosting account has reached 100% capacity and cannot write new files.

3. Diagnosing the Issue

  1. Log in to your hosting control panel (e.g., cPanel).

  2. Open MultiPHP INI Editor (or your equivalent PHP settings manager).

  3. Locate the session.save_path directive. Note the folder path listed (e.g., /var/cpanel/php/sessions/ea-php83).

  4. Verify via File Manager or SSH if this exact folder path exists on the server.

4. Resolution

Depending on your server access level, choose one of the following solutions:

Option A: Shared Hosting / Standard cPanel Access (No Root Access)

If you cannot create folders at the server root level (inside /var/), you must redirect PHP sessions to a folder within your own user account.

  1. Log in to cPanel and open the File Manager.

  2. Navigate to your root home directory (e.g., /home/yourusername/). Do not place this inside public_html for security reasons.

  3. Create a new folder named phpsessions.

  4. Go back to the cPanel dashboard and open MultiPHP INI Editor.

  5. Select the location (your domain or home directory) from the dropdown menu.

  6. Scroll down to session.save_path.

  7. Update the value to point to your new folder: /home/yourusername/phpsessions (replace "yourusername" with your actual cPanel username).

  8. Click Apply or Save. Test the WHMCS login.

Option B: VPS / Dedicated Server (Root SSH Access)

If you manage the server, the cleanest fix is to recreate the missing global session directory and assign the correct permissions.

  1. Connect to your server via SSH as the root user.

  2. Recreate the exact folder path that is missing. For example, if upgrading to PHP 8.3 in cPanel/EasyApache 4:

    Bash

    mkdir -p /var/cpanel/php/sessions/ea-php83

  3. Apply the necessary sticky bit and read/write/execute permissions (1777) required for cPanel session folders. This allows all users to write to the folder, but users can only delete their own session files:

    Bash

    chmod 1777 /var/cpanel/php/sessions/ea-php83

  4. Test the WHMCS login. No service restart is usually required.

Still need help?

Contact us

WHMCS