Django admin login fails on Heroku with correct credentials

Hello,

I have a Django application deployed on Heroku, using a Heroku Postgres database. The main site, user registration (with django-allauth), and other features are working correctly on the live URL.

However, I cannot log in to the Django admin panel (/admin).

The Problem:

When I create a superuser via the Heroku CLI, the command reports “Superuser created successfully.” But when I try to log in at /admin with those exact credentials, I consistently get the error:

“Please enter the correct username and password for a staff account. Note that both fields may be case-sensitive.”

What I’ve Tried:

I have confirmed the user exists in the database and have tried multiple ways to ensure it has the correct permissions, but the login always fails.

  1. Standard createsuperuser: heroku run python manage.py createsuperuser (Reports success, but login fails.)
  2. Manually Setting Permissions: I’ve confirmed via the Heroku shell that the user has the correct flags set:

     # heroku run python manage.py shell
     from django.contrib.auth.models import User
     user = User.objects.get(username='sxc')
     print(user.is_staff, user.is_superuser) # This prints True, True
     # Login still fails.

  3. Custom Management Command: I created a custom make_admin command to programmatically set the flags. The command runs successfully on Heroku, but the login still fails.
  4. Password Reset: Resetting the password via heroku run python manage.py changepassword sxc also succeeds but does not fix the login issue.

Key Configuration:

My settings.py includes standard production settings for Heroku:

  • Database: dj_database_url is used to connect to the Heroku Postgres add-on.
  • Authentication: django-allauth is configured as an authentication backend alongside the default ModelBackend.
  • Security Middleware: whitenoise, SessionMiddleware, and AuthenticationMiddleware are all present and in the standard order.
  • HTTPS Settings: SECURE_SSL_REDIRECT, SESSION_COOKIE_SECURE, and CSRF_COOKIE_SECURE are all set to True.

It feels like the user data is correct in the database, but something during the authentication or session process for the /admin login is failing specifically in the Heroku environment.

Has anyone encountered a similar issue where a superuser cannot log in to the admin panel despite having the correct credentials and database flags? Any insight would be greatly appreciated.

Thank you.

Go to settings.py and turn these to False:
SECURE_SSL_REDIRECT = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False

Then try redeploying. This should work as a temporary fix.
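
The admin error quoted in the question is shown both when authenticate() returns None and when the authenticated user is not staff, so the message alone does not say which check failed. The following is an added example, not code from either post: a hypothetical helper, diagnose_admin_login, that walks those checks in order from the Heroku shell, with constructed stand-in objects so it also runs offline.

```python
from types import SimpleNamespace


def diagnose_admin_login(user, password, authenticate):
    """Name the first check at which an admin login for `user` fails.

    Pass a django.contrib.auth User and django.contrib.auth.authenticate;
    both are parameters so the constructed stand-ins below can replace them.
    """
    if not user.is_active:
        return "inactive: ModelBackend rejects users with is_active=False"
    if not user.is_staff:
        return "not-staff: the admin login form rejects non-staff users"
    if not user.has_usable_password():
        return "unusable-password: no usable password hash is stored"
    if not user.check_password(password):
        return "bad-password: stored hash does not match this password"
    found = authenticate(username=user.get_username(), password=password)
    if found is None:
        return "backend-reject: hash matches, but no configured backend accepted it"
    if found.pk != user.pk:
        return "wrong-user: a backend authenticated a different account"
    return "ok: these credentials authenticate in this process"


# Constructed stand-ins (not Django objects) so the example runs offline.
def _fake_user(pk=1, password="s3cret", **flags):
    attrs = dict(pk=pk, is_active=True, is_staff=True)
    attrs.update(flags)
    return SimpleNamespace(
        get_username=lambda: "admin-example",
        has_usable_password=lambda: password is not None,
        check_password=lambda raw: raw == password,
        **attrs,
    )


def _fake_authenticate(result):
    # Mimics authenticate(**credentials) returning a user or None.
    return lambda username=None, password=None: result


# In `heroku run python manage.py shell`, use the real objects instead:
#   from django.contrib.auth import authenticate
#   from django.contrib.auth.models import User
#   diagnose_admin_login(User.objects.get(username='sxc'), '<password>', authenticate)
if __name__ == "__main__":
    admin = _fake_user()
    print(diagnose_admin_login(admin, "s3cret", _fake_authenticate(admin)))
    print(diagnose_admin_login(admin, "s3cret", _fake_authenticate(None)))
```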