Cpanel requires user name and password each time I login now.

Category: Cpanel

rgoldman
Asked:
2013-11-27 3:49 pm EST

Hits: 1,351
AS of this week, there is no longer an option for "keep me logged in" or "remember me" on my cpanel login. I am required to enter the user name and password each time. What happened to the old feature?

Thanks.

You must login before you can ask a follow up question.

You must login before you can submit an answer.

OTHER ANSWERS

0

Arn
Staff
17,354 Points
2013-11-27 4:09 pm EST
Hello Rgoldman,

Thanks for the question! If you have a copy of the URL with the security token, then the system will keep you logged into the same session as you were in when you logged in previously. For example:


If you login, to your cPanel, you should see something like this:

https://secure100.inmotionhosting.com:2083/cpsess834553135/frontend/x3/index.html?post_login=1234568900

The security token starts with "cpsess..." above. If you keep that in the URL when you access the cPanel again, then you will be placed back in that same session that you used before without having to use your credentials.

There was a recent update to the cPanel on your web server to update security. This is the cause for the change in the login procedure that you are seeing. A random security token will now be added each time you login to the cPanel. If you don't use the URL with the security token, then you will be required to use your login credentials.

If you have any further questions, please let us know!

Regards,
Arnel C.

You must login before you can post a comment about this answer.

Really doesn't do any good though. I tried your example and I still get right back to the login page. I understand the need for security updates but just like healthcare, what's good for one person isn't always necessary or better for another. It would be nice if we had a choice before updates were implemented on whether or not we want/need them for out particular situation.
rgoldman
8 Points
2013-11-27 8:07 pm EST
Hello rgoldman,

I'm sorry that the new cPanel 11.38 enforcing security tokens is an inconvenience for you.

As Arnel was mentioning if you try to access cPanel again with the same cpsess... session, while that session is still active, you'll get right in. But if your session expires, you will be required to log back in.

The main reason why cPanel made this update and then forced a roll-out, is to help stop CSRF or (Cross-site request forgery) attacks. As online attacks are at all time historical highs, unfortunately security typically trumps the user experience for these types of matters.

A basic example of this would be that you could be logged into your cPanel interface at a coffee shop, and then an attacker monitoring traffic could see that you've successfully logged into cPanel. They could then attempt to forge a request to the server pretending to be your computer. Since the server knew your computer logged in, it would allow that forged user to not have to login because it thinks you're the same client, and then the next thing you know they could delete all your email accounts or worse access your file manager and upload malicious files without your knowledge.

Because cPanel now utilizes security tokens, if an attacker would attempt to forge a request to the server, it would see that the unique security tokens don't match up, and it would ask for the cPanel credentials again to verify this is still a valid user and client, thus protecting yourself from possible account compromises.

On a VPS, or a dedicated server, you could opt to not run the STABLE release of cPanel, to avoid this security update. However it wouldn't be advisable to do so, because as more and more cPanel servers are updated, it leaves a much smaller pool of non-updated servers that attackers will strictly go after, knowing they're easier to exploit than the latest release.

If you had any other questions at all, please let us know!

- Jacob
JacobIMH
9,968 Points
Staff
2013-11-27 8:48 pm EST
0

JacobIMH
Staff
9,968 Points
2013-11-27 7:49 pm EST
Hello rgoldman,

Sorry for the inconvenience, as Arnel had mentioned, this is due to cPanel 11.38 enforcing security tokens.

That article should explain everything, and if you had any further questions, please let us know!

- Jacob

You must login before you can post a comment about this answer.

Like this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!