[SOLVED] Unable to access WEB Interface: login redirects "endlessly", removing password leads to "expired token" error

Suddenly I am unable to log in to the Pi-hole WEB Interface, even though my password is correct and I tried with a new password.

Expected Behaviour:

Accessing the WEB-UI Interface should prompt for the log-in password and then allow browsing/customization.

Actual Behaviour:

This is what happens, in particular:

1) Web Admin Interface is active and reachable: when I try to log in I'm redirected to the Dashboard as if I'm not logged in (less data, no lateral menu).
2) If I log-in by CTRL+ENTER then I'm correctly redirected to the Settings panel and the lateral menu shows all the options. But trying to access any other section or simply trying to load the Dashboard leads back to 1)
3) If I disable password for the WEB Interface via "sudo pihole -a -p" command the interface will show all details but I'm unable to apply any change. If I try to edit something (for example: adding a blacklist entry) the following error is displayed: "Session expired! Please re-login on the Pi-hole dashboard."
4) I tried "all the usual suspects": browser, cache, extensions, cookie settings, etc. with no luck. I even uninstalled and re-installed Pi-hole with the same results.
5) I am NOT running Debian Buster. I am NOT using a Raspberry Pi 4.
6) I am using Apache2 as web server instead of lighttpd; I have checked the logs: no errors are reported.
7) I have also noticed that Pi-hole is failing to create the session cookie, either with the "remember me for 7 days" option selected or without it.
8) When logging in via 2) I can see the session timer countdown in the upper right corner menu.
9) I have flushed the logs, nothing changes.

Previous Similar Posts:

I did search before posting this issue, and I found some similar posts but none of the identified cause/problem applies to my situation:

Debug Token:

https://tricorder.pi-hole.net/rlztbjbe3q

System Details:

Raspbian GNU/Linux 9 (stretch)
Version: 9 (stretch)
Hardware: Raspberry Pi 3 B+

You are running Apache2 and it is occupying port 80 - thus lighttpd cannot run. From your debug log:

[*:80] is in use by lighttpd
*:443 apache2 (IPv6)

*** [ DIAGNOSING ]: Pi-hole processes
[✗] lighttpd daemon is failed

*** [ DIAGNOSING ]: Dashboard and block page
[✗] Block page X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 403 Forbidden
Date: Mon, 01 Jul 2019 17:53:56 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1


[✗] Web interface X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 200 OK
Date: Mon, 01 Jul 2019 17:53:56 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=kopergdu8ihtqco3mkhhq038j5; path=/;HttpOnly;Secure
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8

Thank you @jfb. I was just going to post my solution to this issue since I realized Lighttpd was needed and that some configuration files (created by the Pi-hole installer I presume, since I have never used nor installed Lighttpd before) need to be adjusted in order to work.

Please provide detailed and exact proof for your claims and conclusions. We do not, in any way, shape, form, or fashion utilize TOR.


Thank you for the clarification.
I have never installed TOR nor Lighttpd in the past on this machine; I found out about it while troubleshooting the issue with Pi-hole: this is what led me to think the two were connected. But, as I said, I was dubious about it.

Tomorrow morning (actually, in a few hours local time) I'll ask the other admin if he tried something with TOR in the last days without telling me.

No, you made a bolded statement that Pi-hole uses TOR without any kind of proof or back up for your claims.

Sorry for the trouble, post deleted. Thank you for your time, and I beg your pardon for being imprecise due to my inexperience.
