The Cookie Monster Ate My Password

Customer and Employee Passwords No Longer Work After Migrating to a New Prestashop Installation

For those of us in the software industry there comes a time when an upgrade becomes so convoluted or a working directory so corrupted that it is easier to start fresh with a nice shiny new install. Unfortunately, migrating to a new install can come with its own set of problems. For example, I encountered an issue when migrating a working PrestaShop store to a completely new installation including a new database.

After the install, I added the store’s theme to the installation directory and also added the table entries for the store’s existing customers, employees, and inventory from the original database. It was at this point that I had one of those “Oh @%&#” moments when I could no longer log into the PrestaShop back office using the administrator email and password that I had just added to the database. As a sanity check, I then tried to log into the storefront using my test customer account and guess what, that failed too. Even the request for a password reset failed. Somehow all of the customer and employee passwords stored in the database had become corrupted.

It turned out that the passwords hadn’t been corrupted, just that the password encryption had changed from one installation to another. Password encryption in PrestaShop is based on the store’s cookie key. There are two PrestaShop cookie defines found in the ./config/settings.inc.php file:

  • _COOKIE_KEY_
  • _COOKIE_IV_

I compared the settings.inc.php files of the old and new installs and saw that my cookies had been tossed. I replaced the new cookie defines with the old ones which fixed the problem and averted a nuclear holocaust due to a Charlie meltdown.

About Charlie Thompson

Charlie is co-founder and president of GroundSwell Web Designs. When he's not evaluating tools, building sites, assisting clients, or verbally threatening computers you can usually find him outside wondering what that big bright object is in the sky. You can follow him on Linkedin. See all posts by Charlie.