romanw
October 3, 2025, 12:43pm
#1
I still have an the issue with strapi 5.25.0.
My Github Repo is on strapi 5.25.0, which workes with node 20.11 on my local machine.
If I deploy with cleavr (push from Github or manually), cleavr is reporting an successfull deployment.
Then I get a 502 error for a short while and then strapi is back with the old version.
The artifact-directory points to the deployment with strapi 5.23.6.
The current and latest-directories point to the last deployment with 5.25.0.
If I change cwd in the PM"-settings from cwd: “/home/strapi/xxxxxx.com/artifact” to cwd: “/home/strapi/cms.woka.com/current”, the Login page is shown, but when loggin in, strapi shows an “internal server error”-message.
I also tried to deploy to a new site with the same DB. But then also I get the strapi error message at login.
So 2 things: Why is cleavr not deploying the latest version? Why is there a server error in strapi 5.25.0?
anish
October 7, 2025, 4:42pm
#2
Hello @romanw ,
We’re investigating the deployment issue with Strapi 5. Is it the case that you’re trying to update a project that was previously deployed with Strapi 5.23.6 to version 5.25.0?
anish
October 7, 2025, 6:10pm
#3
Hello @romanw ,
It looks like Strapi is experiencing some issues with versions 5.24.x and 5.25.x. Below are some links to discussions where users have shared that they’re also encountering similar issues, particularly internal server errors during login or signup.
opened 07:02AM - 25 Sep 25 UTC
issue: bug
severity: medium
source: core:admin
status: pending reproduction
version: 5
source: core:core
### Node Version
22.19.0
### NPM/Yarn/PNPM Version
NPM 10.9.3
### Strapi Ver… sion
5.24.0
### Operating System
Linux (Other)
### Database
PostgreSQL
### Javascript or Typescript
Typescript
### Reproduction URL
_No response_
### Bug Description
I'm facing issue in my production environment when trying to authenticate in strapi admin panel after upgrading from 5.23.6 to 5.24.0 version. Server returns `500 Internal Server Error`.
Strapi log says:
`error: Failed to create admin refresh session Cannot send secure cookie over unencrypted connection`
After upgrading strapi, I added settings according to issue [#24346](https://github.com/strapi/strapi/pull/24346) description like this:
```js
// config/admin.js
export default ({ env }) => ({
auth: {
secret: env('ADMIN_JWT_SECRET'),
sessions: {
// some default settings...
},
cookie: {
sameSite: 'lax',
path: '/admin',
domain: 'api.mydomain.com',
},
},
url: 'dashboard',
// ...
});
```
```js
export default ({ env }) => ({
'users-permissions': {
config: {
jwtManagement: 'refresh',
sessions: {
// some default settings...
cookie: {
// some default settings...
domain: 'api.mydomain.com',
secure: env.bool('UP_SESSIONS_COOKIE_SECURE', process.env.NODE_ENV === 'production'),
},
},
},
},
});
```
However, I'm able to login to the admin panel in my local development environment.
Authentication for ordinary users works fine in both development and production environments.
### Steps to Reproduce
1. Upgrade working strapi project from 5.23.6 to 5.24.0 version.
2. Run strapi backend on server behind nginx reverse proxy (in docker container in my case).
3. Try to login to admin panel, and get 500 error.
### Expected Behavior
Successfully login to the strapi admin panel.
### Logs
```shell
error: Failed to create admin refresh session Cannot send secure cookie over unencrypted connection
```
### Code Snippets
_No response_
### Media
_No response_
### Additional information
_No response_
### Confirmation Checklist
- [x] I have checked the existing [issues](https://github.com/strapi/strapi/issues) for duplicates.
- [x] I agree to follow this project's [Code of Conduct](https://github.com/strapi/strapi/blob/develop/CODE_OF_CONDUCT.md).
opened 07:12PM - 03 Oct 25 UTC
closed 02:10PM - 06 Oct 25 UTC
issue: bug
severity: medium
source: core:core
### Node Version
Tested with Node.js v18.20.8 (LTS) and v22.16.0 (Current) – is… sue occurs on both
### NPM/Yarn/PNPM Version
npm 10.x – version does not affect the issue
### Strapi Version
5.25.0 (bug occurs) 5.22.0 (works as expected)
### Operating System
Linux (Debian/Ubuntu)
### Database
PostgreSQL
### Javascript or Typescript
Typescript
### Reproduction URL
_No response_
### Bug Description
# Strapi 5.24.0+ Admin Login Errors – Solutions
## Errors
1.
```
error: Failed to create admin refresh session Cannot send secure cookie over unencrypted connection
http: POST /admin/login (213 ms) 500
```
2. Login returns `200` but does not save JWT token → session cannot be created
**Reason:** version mismatch
---
## Solution (Docker – Server)
1. **Downgrade Strapi to 5.22.0**
```bash
cd /path/to/project/backend
# remove ^ from package.json for version locking
sed -i 's/"@strapi\/\([^"]*\)": "\^/"@strapi\/\1": "/g' package.json
cat package.json | grep "@strapi"
```
Expected output:
```json
"@strapi/admin": "5.22.0",
"@strapi/plugin-cloud": "5.22.0",
"@strapi/strapi": "5.22.0",
```
2. **Clear cache and lock files**
```bash
cd backend
rm -rf .cache build package-lock.json
```
3. **Update Dockerfile**
If you have:
```dockerfile
RUN npm ci --only=production && npm cache clean --force
```
Change to:
```dockerfile
RUN npm install --omit=dev && npm cache clean --force
```
4. **Rebuild Docker**
```bash
docker-compose down
docker rmi project_backend
docker-compose build backend --no-cache
docker-compose up -d
```
5. **Browser cleanup (if needed)**
```javascript
localStorage.clear();
sessionStorage.clear();
location.reload();
```
---
## Solution (Local – Development)
1. **Align versions**
```bash
npm install @strapi/strapi@5.22.0 @strapi/admin@5.22.0 @strapi/plugin-cloud@5.22.0
npm list @strapi/admin
# should be 5.22.0
```
2. **Clear cache and build**
```bash
rm -rf .cache
rm -rf build
rm -rf node_modules
rm package-lock.json
npm install
```
3. **Browser cleanup**
```javascript
localStorage.clear();
sessionStorage.clear();
location.reload();
```
---
With these steps, both the **secure cookie error** and the **JWT token persistence issue** are resolved.
### Steps to Reproduce
1. Start a new Strapi project with version 5.24.0 or higher (tested with v5.25.0).
2. Use PostgreSQL as the database.
3. Run inside Docker (Ubuntu 22.04 host).
4. Try logging into the admin panel.
5. Either:
- See the secure cookie error in the logs.
- Or receive a 200 response but no session is created (JWT not saved).
### Expected Behavior
- Admin login should work without errors.
- Secure cookie handling should not fail when behind proxy or in HTTP (before SSL is configured).
- JWT token should persist across restarts if ADMIN_JWT_SECRET is defined in .env.
### Logs
```shell
error: Failed to create admin refresh session Cannot send secure cookie over unencrypted connection
http: POST /admin/login (213 ms) 500
```
### Code Snippets
// package.json (working config after downgrade)
"@strapi/admin": "5.22.0",
"@strapi/plugin-cloud": "5.22.0",
"@strapi/strapi": "5.22.0"
# Dockerfile fix
RUN npm install --omit=dev && npm cache clean --force
### Media
_No response_
### Additional information
The issue started appearing after deleting package-lock.json / node_modules / build / .cache and reinstalling dependencies with `npm install`.
Same behavior observed both locally and in Docker (server).
Downgrading all @strapi packages to v5.22.0 fixed the issue.
### Confirmation Checklist
- [x] I have checked the existing [issues](https://github.com/strapi/strapi/issues) for duplicates.
- [x] I agree to follow this project's [Code of Conduct](https://github.com/strapi/strapi/blob/develop/CODE_OF_CONDUCT.md).
To fix the internal server error issue, you can downgrade to version 5.23.x, as the issue is still being investigated.
I can see that the current and artifact folders are associated with different releases in your setup. We’re further investigating the issue and will get back to you once we have an update.
Please let us know if you encounter any other issues or have any additional queries.