[GH-ISSUE #2181] [Bug]: Cannot log in on production even though credentials are correct (no password recovery option) #1113

New issue

Open

opened 2026-02-26 02:35:17 +03:00 by kerem · 3 comments

kerem commented 2026-02-26 02:35:17 +03:00

Owner

Copy link

Originally created by @richardt1984 on GitHub (Dec 19, 2025).
Original GitHub issue: https://github.com/koel/koel/issues/2181

Originally assigned to: @phanan on GitHub.

Read the Troubleshooting guide.

• I have read and followed the Troubleshooting guide

Reproduction steps

1. Deploy Koel on a production server with a custom domain and HTTPS.
2. Complete installation and create an admin user.
3. Verify database connection works via php artisan tinker.
4. Verify user exists and password hash matches using Hash::check.
5. Open the Koel login page in an incognito browser.
6. Enter the correct email and password.
7. Submit the login form.

Expected behavior

After entering correct credentials, the user should be authenticated and redirected to the Koel dashboard.

Actual behavior

Login fails silently. The login page reloads or stays in place.
No error message is shown.
User is not authenticated even though credentials are correct.
There is also no “Forgot password” option available.

Logs

No relevant errors appear in storage/logs/laravel.log during login attempts.
Browser console also shows no errors.

Koel version

Latest version from the Koel GitHub repository (installed via git clone).

How did you install Koel?

Compiled from source

Additional information

• Database connection works correctly.
• User password hash is valid (Hash::check returns true).
• Only one APP_KEY is present.
• Caches cleared, sessions cleared, permissions fixed.
• Services restarted.
• Issue persists across browsers and incognito mode.

This behavior makes Koel difficult to trust in production, especially due to the lack of a password recovery option.

Originally created by @richardt1984 on GitHub (Dec 19, 2025). Original GitHub issue: https://github.com/koel/koel/issues/2181 Originally assigned to: @phanan on GitHub. ### Read the Troubleshooting guide. - [x] I have read and followed the Troubleshooting guide ### Reproduction steps 1. Deploy Koel on a production server with a custom domain and HTTPS. 2. Complete installation and create an admin user. 3. Verify database connection works via `php artisan tinker`. 4. Verify user exists and password hash matches using `Hash::check`. 5. Open the Koel login page in an incognito browser. 6. Enter the correct email and password. 7. Submit the login form. ### Expected behavior After entering correct credentials, the user should be authenticated and redirected to the Koel dashboard. ### Actual behavior Login fails silently. The login page reloads or stays in place. No error message is shown. User is not authenticated even though credentials are correct. There is also no “Forgot password” option available. ### Logs No relevant errors appear in storage/logs/laravel.log during login attempts. Browser console also shows no errors. ### Koel version Latest version from the Koel GitHub repository (installed via git clone). ### How did you install Koel? Compiled from source ### Additional information - Database connection works correctly. - User password hash is valid (`Hash::check` returns true). - Only one APP_KEY is present. - Caches cleared, sessions cleared, permissions fixed. - Services restarted. - Issue persists across browsers and incognito mode. This behavior makes Koel difficult to trust in production, especially due to the lack of a password recovery option.

kerem commented 2026-02-26 02:35:17 +03:00

Author

Owner

Copy link

@phanan commented on GitHub (Dec 19, 2025):

Koel version
Latest version from the Koel GitHub repository (installed via git clone).
This behavior makes Koel difficult to trust in production.

I wouldn't install an app using the master branch and say it's not "production ready."

especially due to the lack of a password recovery option.

The password recovery option is only available if you configure a mailer. No mailer (default) means no email sending, which means no password recovery.

Now with all that done, I find it pretty weird that you have no error whatsoever. Try Preserve Log in Dev Tools Network tab. Also try setting APP_DEBUG=true in .env file.

<!-- gh-comment-id:3674908829 --> @phanan commented on GitHub (Dec 19, 2025): > Koel version > Latest version from the Koel GitHub repository (installed via git clone). > This behavior makes Koel difficult to trust in production. I wouldn't install an app using the `master` branch and say it's not "production ready." > especially due to the lack of a password recovery option. The password recovery option is only available if you [configure a mailer](https://docs.koel.dev/guide/getting-started#configure-a-mailer). No mailer (default) means no email sending, which means no password recovery. Now with all that done, I find it pretty weird that you have no error whatsoever. Try Preserve Log in Dev Tools Network tab. Also try setting `APP_DEBUG=true` in `.env` file.

kerem commented 2026-02-26 02:35:17 +03:00

Author

Owner

Copy link

@richardt1984 commented on GitHub (Dec 19, 2025):

Hi

Thank you for your response and clarifications. I understand your points regarding the master branch not being intended as production-ready and the requirement for a configured mailer to enable password recovery.

Regarding the login issue:

I have confirmed that the database connection works correctly and that the admin user’s password hash is valid (Hash::check returns true).

I have cleared caches, restarted services, and verified APP_KEY and APP_DEBUG settings.

Despite this, the login form reloads without authentication, and no errors are shown in storage/logs/laravel.log or the browser console, even when DevTools is used.

It seems that the login failure is not related to credentials, password hashing, or caching, and I cannot identify any relevant error messages.

Could you advise on the next steps for debugging why authentication is silently failing in this environment? For example, are there known issues with session handling, middleware, or HTTPS configuration that could prevent logins from completing?

Thank you for your guidance.

Best regards,
Richardt

<!-- gh-comment-id:3676576739 --> @richardt1984 commented on GitHub (Dec 19, 2025): Hi Thank you for your response and clarifications. I understand your points regarding the master branch not being intended as production-ready and the requirement for a configured mailer to enable password recovery. Regarding the login issue: I have confirmed that the database connection works correctly and that the admin user’s password hash is valid (Hash::check returns true). I have cleared caches, restarted services, and verified APP_KEY and APP_DEBUG settings. Despite this, the login form reloads without authentication, and no errors are shown in storage/logs/laravel.log or the browser console, even when DevTools is used. It seems that the login failure is not related to credentials, password hashing, or caching, and I cannot identify any relevant error messages. Could you advise on the next steps for debugging why authentication is silently failing in this environment? For example, are there known issues with session handling, middleware, or HTTPS configuration that could prevent logins from completing? Thank you for your guidance. Best regards, Richardt

kerem commented 2026-02-26 02:35:17 +03:00

Author

Owner

Copy link

@phanan commented on GitHub (Dec 19, 2025):

I actually now think that there’s something wrong with your server setup.
The fact that there’s no log whatsoever may be an indication that the
request doesn’t reach the application at all. Have you tried running
koel:doctor?

On Fri, Dec 19, 2025 at 21:49 richardt1984 @.***> wrote:

richardt1984 left a comment (koel/koel#2181)
https://github.com/koel/koel/issues/2181#issuecomment-3676576739

Hi

Thank you for your response and clarifications. I understand your points
regarding the master branch not being intended as production-ready and the
requirement for a configured mailer to enable password recovery.

Regarding the login issue:

I have confirmed that the database connection works correctly and that the
admin user’s password hash is valid (Hash::check returns true).

I have cleared caches, restarted services, and verified APP_KEY and
APP_DEBUG settings.

Despite this, the login form reloads without authentication, and no errors
are shown in storage/logs/laravel.log or the browser console, even when
DevTools is used.

It seems that the login failure is not related to credentials, password
hashing, or caching, and I cannot identify any relevant error messages.

Could you advise on the next steps for debugging why authentication is
silently failing in this environment? For example, are there known issues
with session handling, middleware, or HTTPS configuration that could
prevent logins from completing?

Thank you for your guidance.

Best regards,
Richardt

—
Reply to this email directly, view it on GitHub
https://github.com/koel/koel/issues/2181#issuecomment-3676576739, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/AB5O3UULDX2UOBWGK5SCQQ34CRQG5AVCNFSM6AAAAACPRCPMR6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTMNZWGU3TMNZTHE
.
You are receiving this because you were assigned.Message ID:
@.***>

<!-- gh-comment-id:3676722582 --> @phanan commented on GitHub (Dec 19, 2025): I actually now think that there’s something wrong with your server setup. The fact that there’s no log whatsoever may be an indication that the request doesn’t reach the application at all. Have you tried running koel:doctor? On Fri, Dec 19, 2025 at 21:49 richardt1984 ***@***.***> wrote: > *richardt1984* left a comment (koel/koel#2181) > <https://github.com/koel/koel/issues/2181#issuecomment-3676576739> > > Hi > > Thank you for your response and clarifications. I understand your points > regarding the master branch not being intended as production-ready and the > requirement for a configured mailer to enable password recovery. > > Regarding the login issue: > > I have confirmed that the database connection works correctly and that the > admin user’s password hash is valid (Hash::check returns true). > > I have cleared caches, restarted services, and verified APP_KEY and > APP_DEBUG settings. > > Despite this, the login form reloads without authentication, and no errors > are shown in storage/logs/laravel.log or the browser console, even when > DevTools is used. > > It seems that the login failure is not related to credentials, password > hashing, or caching, and I cannot identify any relevant error messages. > > Could you advise on the next steps for debugging why authentication is > silently failing in this environment? For example, are there known issues > with session handling, middleware, or HTTPS configuration that could > prevent logins from completing? > > Thank you for your guidance. > > Best regards, > Richardt > > — > Reply to this email directly, view it on GitHub > <https://github.com/koel/koel/issues/2181#issuecomment-3676576739>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/AB5O3UULDX2UOBWGK5SCQQ34CRQG5AVCNFSM6AAAAACPRCPMR6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTMNZWGU3TMNZTHE> > . > You are receiving this because you were assigned.Message ID: > ***@***.***> >

kerem referenced this issue 2026-02-26 03:31:33 +03:00

[PR #1113] [MERGED] Bump pusher/pusher-php-server from 4.0.0 to 4.1.0 #1582

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/composer/phpunit/phpunit-12.5.22

dependabot/npm_and_yarn/dompurify-3.4.0

dependabot/npm_and_yarn/vite-plus-0.1.17

dependabot/composer/phpseclib/phpseclib-3.0.51

release

1889-duplicate-upload-detection

test/home-screen-empty-to-content

fix/exclude-songless-albums-from-recently-added

refactor/laravel-prompts

fix/wma-cover-art-exception

fix/remove-redundant-seed-step

chore/upgrade-laravel-13

chore/upgrade-vue-3.5.29

test/phase-7-components

dbg-2142

demo-fix

debug-mysql

trusthosts

seek

fix-equalizer

sentry

invite-user

remove-v6-obsolete

fix/song-list

feat/paths-filter

fix/home

fix/footer

feat/progressive

php81

dev/public-playlists

cy

feat/l7

dependabot/composer/pusher/pusher-php-server-4.1.4

dependabot/composer/laravel/framework-5.8.38

dependabot/composer/jackiedo/dotenv-editor-1.1.1

renovate/pin-dependencies

actions

api-doc

feat/recently-played

fix-tests

fix-cover-page

upload

stylejs-196

compilation

vuex

android-notif

nojquery

demo

vue2

2.0

1.1

v9.1.1

latest

v9.1.0

v9.0.0

v8.3.1

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.15.1

v7.15.0

v7.14.0

v7.13.0

v7.12.0

v7.11.0

v7.10.4

v7.10.3

v7.10.2

v7.10.1

v7.10.0

v7.9.0

v7.8.1

v7.8.0

v7.7.1

v7.7.0

v7.6.3

v7.6.2

v7.6.1

v7.6.0

v7.5.2

v7.5.1

v7.5.0

v7.4.2

v7.4.1

v7.4.0

v7.3.1

v7.3.0

v7.2.2

v7.2.1

v7.2.0

v7.1.0

v7.0.12

v7.0.11

v7.0.10

v7.0.9

v7.0.8

v7.0.7

v7.0.6

v7.0.5

v7.0.4

v7.0.3

v7.0.2

v7.0.1

v7.0.0

v6.12.1

v6.12.0

v6.11.5

v6.11.4

v6.11.3

v6.11.2

v6.11.1

v6.11.0

v6.10.0

v6.9.0

v6.8.5

v6.8.4

v6.8.3

v6.8.2

v6.8.1

v6.8.0

v6.7.5

v6.7.4

v6.7.3

v6.7.2

v6.7.1

v6.7.0

v6.6.0

v6.5.3

v6.5.2

v6.5.1

v6.5.0

v6.4.3

v6.4.2

v6.4.1

v6.4.0

v6.3.0

v6.2.2

v6.2.1

v6.2.0

v6.1.0

v6.0.6

v6.0.5

v6.0.4

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v0.0.0-beta

v5.1.14

v5.1.13

v5.1.12

v5.1.11

v5.1.10

v5.1.9

v5.1.8

v5.1.7

v5.1.6

v5.1.5

v5.1.4

v5.1.3

v5.1.2

v5.1.1

v5.1.0

v5.0.2

v5.0.1

v5.0.0

v4.4.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.1

v4.1.0

v4.0.0

v3.7.2

v3.7.1

v3.7.0

v3.6.2

v3.6.1

v3.6.0

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.1

v3.4.0

v3.3.1

v3.3.0

v3.2.0

v3.1.1

v3.1.0

v3.0.1

v3.0.0

v2.2.1

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.1.2

v1.1.1

1.0.0-beta

Labels

Clear labels   

Authentication

  

Dependencies

  

Documentation

  

Feature Request

  

Flac

  

Help Wanted

  

Installation/Setup

  

Integration

  

Mobile

  

PR Welcome

  

Pending Release

  

Performance

  

Playlist

  

S3

  

Search

  

Sync

  

[Pri] Low

  

[Pri] Normal

  

[Status] Keep Open

  

[Status] Needs Author Reply

  

[Status] Needs Review

  

[Status] Stale

  

[Status] Will Implement

  

[Type] Blessed

  

[Type] Bug

  

[Type] Duplicate

  

[Type] Enhancement

  

[Type] Help Request

  

[Type] Question

  

[Type] Task

  

pull-request

Mirrored from GitHub Pull Request

No labels

Authentication

Dependencies

Documentation

Feature Request

Flac

Help Wanted

Installation/Setup

Integration

Mobile

PR Welcome

Pending Release

Performance

Playlist

S3

Search

Sync

[Pri] Low

[Pri] Normal

[Status] Keep Open

[Status] Needs Author Reply

[Status] Needs Review

[Status] Stale

[Status] Will Implement

[Type] Blessed

[Type] Bug

[Type] Duplicate

[Type] Enhancement

[Type] Help Request

[Type] Question

[Type] Task

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/koel-koel#1113

No description provided.