Access Denied error after login.

I just went through this same nightmare yesterday. I have no idea what was the cause, but thank gawd I use the "backup & migrate" module...

I ended up, after multiple restores, upgrades and always ending up with a user/1 login receiving 'access denied' for any admin pages, doing a fresh install to fit things.

I deleted my entire document root, including any hidden files such as .htaccess and .sites and doing a purely clean install. Finally that behaved normally.
Then I moved my contributed modules back into place and enabled all of them except for the Masquerade module (I suspect that one caused my problem).
Then, with "backup and migrate", I restored my last backup and everything was happy again, with the 6.19 release.

PITA!!!

Background:
I migrated my prod back to my dev. tar'ed up my drupal filesystem and copied it to dev. mysqldump prod db and restored it in dev. copied my nginx config, php config, php-fpm config, etc, all to dev. After changing several env-specific configs, mainly file paths, and setting all www.mydomain values to "localhost", it all fired up just fine.

But, for the life of me, I kept getting access denied at login, yet sessions were appearing in the sessions table.

I followed this thread and others, tried a few things, but still no luck. Then, I set the following php.ini configs as follows (yes, not commented out, rather set to nothing):

[php.ini]
session.cookie_domain = (yes, not commented out, and NO value after equals. it was set to "localhost", that didn't work)
session.cookie_httponly = (yes, not commented out, and NO value after equals. it was set to "1", that didn't work)

My other settings are as follows:
[settings.php]
$base_url = 'http://127.0.0.1:40598'; // my nginx port #
#$cookie_domain = // commented out
[nginx.conf]
server_name 127.0.0.1 localhost;

I have had the same issue just occur on a couple of development sites. All sites on my dev server have been recently upgraded to drupal 6.19.

Some sites (the ones I am currently working on), I have just noticed have had this issue where Access denied is shown to users logging in through Internet Explorer only. I have tried all the various fixes changing the cookie_domain etc. to no avail.

I then looked a bit further and some older sites work and some older ones don't. The problem was really bothering me, not because I couldn't log in through IE, but because some sites do work and some don't. Tried disabling any modules that were different on the sites, did compares on the files, settings and other configs referring to the sites that worked and those that didn't.

The only difference I could find between sites that do work and those that don't seems to be in the domain name.

My dev site are all accessed through mysite.dev.mydomain.com, the ones that don't work seem to include an underscore. i.e. my_client.dev.mydomain.com, the ones that work don't have the unscore i.e. aclient.dev.mydomain.com.

Changing my_client.dev.mydomain.com to myclient.dev.mydomain.com fixes the problem. No other changes required.

Still no idea what really fixed it but none of the suggestions above worked. The clue for us was that only *some* machines were affected.
The fix was to do a hard reset of IE's settings on machines that were being affected:

• In Internet Explorer, go to Tools -> Internet Options
• Go to the Advanced tab and click on the Reset button
• On the Reset Internet Explorer settings window, tick the Delete personal settings box and click the Reset button
• Now close and re-open Internet Explorer and you should be able to log in.

If your site has a short 4 character domain name (e.g., "ab.be") domain then this might be caused by a IE bug . See #280623: Problem with 2 letter domain names, Internet Explorer and cookies

I came across this strange phenomenon after moving a Drupal 7.15 site from the test to live server.
Test server: login with any browser works normal.
Live server:
- login in Firefox, Safari, Chrome... works normal.
- login in IE with the same valid account: it shows the url [mydomain.com]/user/15 and 'Access denied'.

I cleared Drupal caches, truncated the sessions table, full reset of IE. Nothing works!
Any suggestions? Thanks in advance!

Update: I reread the whole thread, and the solution of the_g_bomb worked. Turned out that the underscore in the subdomain was evil... Doh.

I was having this trouble also. After reading through a lot of the comments and attempting various fixes with no success, I decided to try something and it seems to have resolved the issue. Not exactly sure why, maybe someone else will have that insight...

All I did was change the password in settings.php to something invalid, causing the site would crash.
Then I changed it back to the correct password again.
Refresh and use password recovery.
Success, the link from the recovery email successfully brought me to my edit user page.

Drupal 7.22

**** Update ***
Issue is randomly back, and my previous fix has proven to be a coincidence I guess.

*** Update ***
Alright so the following finally worked for me.
As Noted in settings.php "Make sure to always start the $cookie_domain with a leading dot, as per RFC 2109."

$cookie_domain = '.MySubDom.MyDom.com';
$conf['https'] = FALSE;

Specifying the $cookie_domain in any other way was not working for me.
Hopefully this fix sticks.

For future reference: I had this issue on a D6 install. The reason was that the session table had been corrupted due to lack of disk space. Running

REPAIR TABLE sessions;

on the database resolved the problem after clearing up some space.

What worked for me was enabling and configuring the $cookie_domain variable in settings.php (because I have a site that can be accessed by 2 different domains).

Pay attention to the comment before this variable! The domain name must start with a period. EX:
$cookie_domain = '.example.com';

Good luck!