I've seen some threads about this but none for drupal 6. Apologies if this is a duplicate question.

A brand new install of Drupal on a site hosted by Network Solutions. Install, eventually, went fine, I have an admin account and the site is up and running with list of administrations and a welcome on the front page. I'm logged in as administrator and it's happy with that. I can go to the administration sectrion but any sub pages of that throws up an access denied error and presents me with login and password fields. I login using the admin name and password but it just chucks me back. I'm effectively denied access, as admin, to any configuration settings in the default install.

any suggestions gratefully received.


Drupal.Stefan’s picture

same issue.

aangel’s picture



rj.seward’s picture

I had the same exact problem with my new Drupal 6 installation. I found the suggestion below (among several others) at http://drupal.org/node/20397 and added the line register_shutdown_function('session_write_close'); to my settings.php (find it in /sites/default/). The file is usually set to read only, so you may have to chmod a+w before editing it. Be sure and set it back once things are working as desired.

I also logged out and then in Firefox went to Tools > Clear Private Data and then cleared the cache, cookies and saved passwords.

After this small modification the problem appears to have been fixed.


Admin Access Denied
majunor - February 28, 2007 - 18:09

I had the same problem. My Hosting Service changed the PHP version. To fix this I had to add this to my settings.php file:


Hope that helps

rj.seward’s picture

This morning, my site was again giving me an Access Denied message and kicking me back to the login screen whenever I tried to do anything under Administer. For example, I attempted to change a user password, and as soon as I hit Save, I got the Access Denied and then I was sent back to what appears to be a state of being logged out.

Now it appears to be working again, but I have yet to figure out why.

This is from CHANGELOG.TXT
* Removed default/settings.php. Instead the installer will create it from

Does this mean that settings.php is created once at install and after that we can modify it? Or are we supposed to modify default.settings.php instead? I changed both just in case, adding register_shutdown_function('session_write_close'); just after the line $db_prefix = '';


rj.seward’s picture

I found that each time the Access Denied problem shows, a log entry is generated similar to the one below:

warning access denied 05/09/2008 - 12:52 logout anonymous (not verified)

This shows that access is being denied to anonymous, even though I was logged in as me, the super admin user and not as anonymous. This looks like a case of mistaken identity.

rj.seward’s picture

See http://drupal.org/node/256035 for the Bug Report on this. Please comment as you see fit.

rj.seward’s picture

I learned this quick fix this morning from an experienced Drupal developer. Apparently this problem has been around for a while and he has run into it more than once.

If you can access your drupal db then run either of these update statements:

UPDATE sessions SET uid = 1;
UPDATE sessions SET uid = 1 WHERE hostname = "your.ip.address";

Either will set your current session uid to 1 so you are then allowed to access the admin interface.

The first statement sets all of the uid's of all the sessions to 1. Since this gives any user logged on full admin privileges, use this only when you are sure you are the only one logged on, and then only when absolutely necessary.

The second statement sets the session uid to 1 only for the session coming from your machine, so it is a bit safer to use.

Alternately you can just tinker with the uid's of the sessions through a db front end like phpMyAdmin.

For me, this was a life saver.


rj.seward’s picture

One interesting thing just happened, and this has probably been the
problem all along:

I was logged in and there was just one session showing in the db. Then I went to edit my own user when I got the Access Denied message again. So I went back to the db and there was another session, this time with the uid of 0. I changed it to 1 and then I was able to again access the admin interface. Now there are two sessions showing in the db.

So why would drupal suddenly create a new session for me? And why with uid of 0?

rj.seward’s picture

Today I found a forum post at http://drupal.org/node/20397#comment-175577 where it was suggested that I upgrade my includes/session.inc file. As mine was version 1.44 and the latest version is 1.48 (found at http://cvs.drupal.org/viewvc.py/drupal/drupal/includes/session.inc?revis...) I thought I would give this a try.

Now, after upgrading the session.inc to v1.48 the strange behavior in my sessions table along with the concurrent Access Denied problems appears to have been fixed.

Thank you, thank you...

ismc’s picture

I had the same problem with my drupal 5-7 on 1&1 (access denied ) upgrading the session.inc was the solution for me. I had just take the latest version for drupal 5 instead o 1.48 version which is for drupal 6

Thinfully for you all i coud fix my problem in just 8 hours ;-)

Thanks again

zandraya’s picture

I had the same "Access Denied" problem, but unfortunately replacing the session.inc file didn't work for me. After starting over a couple of times I decided not to enable Clean URLs the during the final install even though I got the green light that my server should support it. I haven't had any the access problem since.

marcocuyt’s picture

yep, this solved the issue for me!

Anonymous’s picture

Right on! That was it.

Wayne_Luke’s picture

If your account isn't the first created when Drupal is installed then you need to apply administrator permissions to that account.

Login with the super user (the one first created after installation).
Create an administrator role (/admin/user/roles/).
Assign all the "Administrate XYZ" permissions to this role.
Once the role is setup then assign users that you wish to be administrators to it (/admin/user/user).

monsieurx’s picture

Same issue here. I tried:
- settings.php file, including: mysql or mysqli setting, register_shutdown_function, cookies commenting, update_free_access=true
- all files' permissions are set correctly.
- everything is green in the reports page
- any sub page of administration/help/ gives access denied as well as admin settings.
- Administration only shows user mgmt and reports
- auth users have all the permissions
- i only log in with the first user
- cache and cookies were cleared
- same problem in IE or FF
- I tried 3 installs, different 4.x user roles sql settings
2 days i try, im really getting weary of searching for yet another solution. WHY is it denied????

thanks for any help. This is really the pits...

rj.seward’s picture

I think this is a bug in Drupal 6 and should be reported as such.

monsieurx’s picture

I believe the permissions on the themes was the problem. I set them to 775 and it worked.

Carlitus’s picture

I've similar problems with the same multisite instalation. I can login in with admin account (uid 1) and seems to be all ok but in some pages (edit content types for example) Drupal shows me an "Access denied You are not authorized to access this page."

Web design Neurotic

gamezland’s picture

Any news regarding this behaviour?

I have same problem after upgrading from php 4 to php 5.

I noticed the following changes in the session table.
1. Login as uid 1 => correct table entry with uid 1
2. Click on the link to the adminsection
3. Still correct entries in session table
4. Click on e.g. status report
5. Multiple new entries (3) in the session table all with uid 0. The old session with uid 1 still exists.
==> Access denied message including no access to any theme data (css, images, etc.)

Looks like an issue at session handling.

rj.seward’s picture

I believe my problem with this was caused by my installing Drupal into a subdirectory and then not setting the
$base_url = 'http://www.example.com'
directive in settings.php.

The following is from .htaccess:
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal

So, you may need to modify your .htaccess as well for a subdirectory install.

gamezland’s picture

Funny! Drupal is not in a subdirectory, but changing the $base_url to www.example.com has done the job for me.

Thanks a lot for pointing in the right direction ;)

Stoob’s picture

I added $base_url to settings.php and that solved the issue. Nothing else required. Thanks guys!!!

G-Sun’s picture

I had the same problem, but it's now fixed.

I changed:
* $base_url to www.example.com in settings.php
* had (an unintended) reinstall
* uncheched clean urls

And works fine. Huh!
Don't know if I'll try clean url's again or not..

Thanks all for your tips!


G-Sun’s picture

Checked my settings.php
The reinstall had changed the: $base_url to www.example.com to default

So it has to be clean urls then. The drupal-installer told me clean urls was ok. Bug?


YordanGeorgiev’s picture

For me this worked out:

go to mysql prompt ;
use myDrupalDatabase ;
truncate users ;
show * from users ;

go and login again ...

Stoob’s picture

I added $base_url (it was commented out) as http://www.mysite.com in sites/all/default/settings.php and that was all that was required to solve this problem for my site. I ran into the problem upgrading from 5.9 to 5.10. I had clear urls enabled and did not turn them off.

munyiva’s picture

I tried
1. adding $base_url
2. disabling clean urls by deleting the clean_url variable in variables table
3. Emptying cache tables
4. Clearing browser cache

after all the above i am able to login.

jnick’s picture

This suddenly happened for me too. Using a packet sniffer, I found that the cookie path was set to /tmp instead of /

Seems to be the same problem as discussed in many other threads such as http://drupal.org/node/261958#comment-857779

You have to override the server's cookie path settings. Either by adding "php_value session.cookie_path /" to the main .htaccess file, or the corresponding PHP code ini_set("session.cookie_path", "/"); in settings.php!

j. ayen green’s picture

I tried about 10 different things based on what were posted. In my case, it turned out that because my site is located in /localhost/domain/subdir, I had set the cookie path to that. Turns out the cookie path should have been just /localhost (this is a local development system, thus the need for /localhost ... otherwise / would suffice)

umesh sharma’s picture

The default access row was missing. Adding the following to the table resolved the issue:

INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);

PaulLeasure’s picture

I had the same problem. Here is what solved it for me.

the line: $cookie_domain = 'www.mywebsite.com.php5-9.dfw1-2.mywebsite.com';

in the setting file was set to the development site: "www.mywebsite.com.php5-9.dfw1-2.mywebsite.com"

But now that the site was in production and had the name servers pointing to the real domain I needed to change this to:
$cookie_domain = 'www.mywebsite.com';

Hope that helps someone. : )

goatsee’s picture

Ok I was having the same problem (couldn't log in to admin account suddenly after having logged in successfully for 2 months), getting "Access Denied" pages whenever I logged in through admin or user. I could tell that I was logging in as admin but that the site was blocking content from me, and couldn't figure out why, but figured it was a firewall setting as we've just set up a new ISP here at the office.

I looked at settings.php and saw that the base_url was set to "domain.org" with no "www." in front. It seems my new ISP won't take PHP processing from sites that don't have "www" in the base name, so I changed all of the occurrences (base_url and cookie_domain) to "www" and voila, I'm logged in.

Really annoying, cost me at least a full day of work to figure this out.

Hope that helps too!


magahugu’s picture

for me this workedÑ just run yoursite.com/update.php

even tho there are no updates, it sets you up!


salientknight’s picture

Don't forget to also set your $cookie_domain variable in settings.php this was the cause of my problem after making a copy of a site.

Mariano’s picture

look at what node_access_rebuild() does, since executing that once in a custom module solved all this weird access issues for me http://api.drupal.org/api/drupal/modules--node--node.module/function/nod...

muhammad.tanweer’s picture


I was facing the same issue and I got it solved by visiting the post settings page (www.example.com/admin/content/node-settings) and clicked the "Rebuild Permissions" button. That did the trick for me. FYI, i was getting the issue in Drupal 6.

Hope this helps someone.

Rhino-new’s picture

Just wanted to say thank you to rj.seward because this trick;

UPDATE sessions SET uid = 1;

Finally helped me. Thank you so much.