Disable max session size in admin - Unable to login to admin anymore

[engcom-November]

Preconditions (*)

2. Magento 2.4-develop, 2,4,4

Steps to reproduce (*)

1. Store > Settings > Configuration. - Advanced and choose System - Security - set Max Session Size in Admin to 0 and save
2. Login to admin

Expected result (*)

1. [Screenshots, logs or description]
2. Login works

Actual result (*)

1. [Screenshots, logs or description]
2. Unable to login

---

Please provide Severity assessment for the Issue as Reporter. This information will help during Confirmation and Issue triage processes.

• Severity: S0 - Affects critical data or functionality and leaves users without workaround.
• Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
• Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
• Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
• Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.

[m2-assistant]

Hi @engcom-November. Thank you for your report.
To speed up processing of this issue, make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, review the Magento Contributor Assistant documentation.

Add a comment to assign the issue: @magento I am working on this

To learn more about issue processing workflow, refer to the Code Contributions.

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

⚠️ According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

[mgwalk]

I am getting the same issue.
I see admin login
Enter user and pass.
Page looks like it just refreshes

[engcom-Delta]

Hi @engcom-November ,
We have verified this issue on Magento 2.4 develop and 2.4.4 instances. Found that issue is reproducible on both instances.
Hence issue is confirmed.
Please find the attaches screenshots for reference.

1. Login to admin
2. Store > Settings > Configuration. - Advanced and choose System - Security - set Max Session Size in Admin to 0 and save

3. observe that user logged out 4. Login to admin again

[github-jira-sync-bot]

✅ Jira issue https://jira.corp.magento.com/browse/AC-2883 is successfully created for this GitHub issue.

[m2-assistant]

✅ Confirmed by @engcom-Delta. Thank you for verifying the issue.
Issue Available: @engcom-Delta, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

[mgwalk]

I was able to fix by updating frontend and admin before upgrading to 2.4.4.
I also had magefan blog which needed updated.

[taintedstephen]

I had the same issue because I set the session size to 0 before this release to fix a different issue. You can update the value back to default via the cli to resolve this issue:

bin/magento config:set system/security/max_session_size_admin 256000

[nisha-vaghela]

@magento I am working on this

[hostep]

Possible solution from #35414, credits to @advocat:

Root Cause
magento2/lib/internal/Magento/Framework/Session/SaveHandler.php

Line 129

if ($sessionSize !== null && $sessionMaxSize < $sessionSize) {

Should be:

if ($sessionMaxSize !== null && $sessionMaxSize < $sessionSize) {

[VincentMarmiesse]

I had the same issue because I set the session size to 0 before this release to fix a different issue. You can update the value back to default via the cli to resolve this issue:

bin/magento config:set system/security/max_session_size_admin 256000

On my store, 256000 was not enough, and I have setted 512000.

Be careful, there is also a frontend limit: system/security/max_session_size_storefront.

[nisha-vaghela]

@magento give me test instance

[magento-deployment-service]

Hi @nisha-vaghela. Thank you for your request. Comments like @magento give me test instance are intended for instance deployments on Pull Requests. Please use comment like: @magento give me 2.4-develop instance to request an instance on an issue.

[nisha-vaghela]

@magento give me 2.4-develop instance

[magento-deployment-service]

Hi @nisha-vaghela. Thank you for your request. I'm working on Magento instance for you.

[magento-deployment-service]

Hi @nisha-vaghela, here is your Magento Instance: https://1a763092db6e9678305e6caaa6bd4f30.instances.magento-community.engineering
Admin access: https://1a763092db6e9678305e6caaa6bd4f30.instances.magento-community.engineering/admin_04f3
Login: 1e65beaa
Password: c75cc7525f70

[glo71317]

Based on the priority internal team is working on the automation test and will deliver soon for 2.4.5 release

[engcom-Alfa]

Hello @engcom-November
As I can see this issue got fixed in the scope of the internal Jira ticket AC-2883 by the internal team
Related commits: https://github.com/magento/magento2/search?q=AC-2883&type=commits

Based on Jira, target version is 2.4.5

[kevinjavitz]

Just as another note if the customer side session is at 0 or the system/security/max_session_size_storefront path you will get an error like this when adding to cart: There is an error. Please Contact store administrator coming from vendor/magento/framework/Session/SaveHandler.php:133 so it is really not obvious when debugging where this error is coming from, I'm adding this note hoping that when people google this issue this page will come up, again the fix it doing:

bin/magento config:set system/security/max_session_size_storefront 256000