Redirection to the login page after succesful login

Dear all,

I’m trying to migrate a Matomo installation to an OpenShift deployment. I first tried a fresh matomo installation and worked nicely. Then I restores the DB from the old installtion into the new one and then tried to log in using the old password. Everything seems to work ok (no errors in console / logs) but the redirect sends me back to the login/password page.

looking at the network traffic I see the 302 POST to index.php?module=Login and then a 200 back to index.php.

10.251.128.3 - - [03/Jun/2026:07:30:21 +0000] “GET /index.php HTTP/1.1” 200 52481 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0” [!dt dt.trace_id=8c7f1dd015fb77b291569701d047cc20,dt.span_id=5fea4e102ef04132,dt.trace_sampled=true]
10.251.128.3 - - [03/Jun/2026:07:30:27 +0000] “POST /index.php?module=Login HTTP/1.1” 302 542 “``https://bi-bio-matomo-prod.eu.domain.com/index.php``” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0” [!dt dt.trace_id=617aae4ec8887af1f864f62dea81af43,dt.span_id=63027b4093a75413,dt.trace_sampled=true]
10.251.128.3 - - [03/Jun/2026:07:30:27 +0000] “GET /index.php HTTP/1.1” 200 52484 “``https://bi-bio-matomo-prod.eu.domain.com/index.php``” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0” [!dt dt.trace_id=0bf556949dd67a3c2fc4b6035b23b28b,dt.span_id=5eb0279e1945580c,dt.trace_sampled=true]

I’ve also disabled a login realated plugin “Login OIDC”, but as I’m using admin local account it should not be related…

I’m a bit lost on how to debug this issue, any help/guidance is appreacited.

I’m on Matomo 10.5.1 and MySQL 9.7

thanks

Funny enough, if I renebale the LoginOIDC plugin I can access with my SSO….
Somehow the error is related to the Login plugin and/or the admin (root) account.

Hi @Brias

Nice find, that narrows it down a lot. If SSO logs you in and you stay logged in, then the whole session/cookie side is working fine (storage, cookies, the proxy in front, all good). So the issue is specifically the local username + password login for the admin account, not the sessions.

Two things will tell us exactly what’s happening:

First, in DevTools look at the login POST (the 302) > Response Headers > Location:

• if it points to the dashboard (module=CoreHome…), the password was accepted and something kills the session right after
• if it points back to Login (or to a 2FA page), the password isn’t being accepted at all

Second, a quick read-only check on the admin row in the database:

SELECT login, LEFT(password,4) AS hash_prefix, ts_password_modified, twofactor_secret
FROM matomo_user WHERE superuser_access = 1; – might be piwik_user on the restored dump

• if hash_prefix is not $2y$, the restored password hash won’t verify in this Matomo version, which is exactly why SSO works but the local password doesn’t
• if twofactor_secret is filled in, 2FA is kicking in on the local login (and SSO bypasses it)

My money is on the password hash. Quickest fix would be to reset the superuser password from the pod CLI and try again.

Hope this points you in the right direction

Thanks for your answer.

Shame on me, I did not try the local account after succesfuly log with SSO and, know what? now it also works.

So my conclusion is that if you migrate a matomo instance using SSO you must fully configure SSO on the new instance otherwise local login will not work.