magento / magento2


Session size of 276672 exceeded allowed session max size of 256000 - but in Magento 2.4.3 backend #33748

Closed groomershop-mt closed 2 years ago

groomershop-mt commented 3 years ago

UPDATE: as per discussion, we agreed that it is OK to have a low limit for session size to prevent DDoS attacks; the value can be changed via the admin panel if needed. Another problem that should be addressed is the suppressed problem, without any error notification to the user, and a solution for the issue should be provided.

After upgrading to Magento 2.4.3, when we log into the backend (admin panel), every page hangs/loads for about 30 seconds.

In logs we see exceptions: Session size of 276672 exceeded allowed session max size of 256000.

We are using Redis for sessions.

Does anybody else have a similar issue after upgrading to Magento 2.4.3?

From redis-cli monitor we see the following repeated every second:

1628681344.757076 [3 127.0.0.1:34310] "hincrby" "sess_1g2sgh25saul85a424puad785d" "lock" "1"

Steps to reproduce (*)

1. Upgrade Magento 2.4.2-p1 to 2.4.3
2. Configured Magento to use Redis for session storage
3. Stores -> Configuration -> Advanced -> System -> Security - Max Session Size in Admin and Max Session Size in Storefront set to 100 and Saved
4. Navigate to any page from Admin -

Expected result (*)

It should not break/impact any store functionality

Actual result (*)

Page load time is increased to more than 30 sec

github-jira-sync-bot commented 2 years ago

Unfortunately, not enough information was provided to create a Jira ticket. Please make sure you added the following label(s): Reproduced on 2.4.x, ^Area:.*

Once all required labels are present, please add Issue: Confirmed label again.

github-jira-sync-bot commented 2 years ago

:x: Cannot export the issue. This GitHub issue is already linked to Jira issue(s): https://jira.corp.magento.com/browse/AC-1170

drew7721 commented 2 years ago

Hello,

Just want to report that this is also happening in version 2.3.7-p2.

It would be nice to mention this in the release notes as currently there is no mention at the moment.

ihor-sviziev commented 2 years ago

@sidolov @sivaschenko why was this issue closed without any comments?

hostep commented 2 years ago

It's probably because of AC-1170 Session size of 276672 exceeded allowed session max size of 256000 which got merged an hour ago.

It would also be very nice if an answer could come to this question I posted yesterday.

mrtuvn commented 2 years ago

Now how do we deal with this? Tested in the latest code base. It seems admin is no longer able to log in from my instance. Any misconfig?

evs-xsarus commented 2 years ago

@mrtuvn that seems to be fixable by setting the frontend max session size because of this check: https://github.com/magento/magento2/blob/2.4-develop/lib/internal/Magento/Framework/Session/SaveHandler.php#L133

./bin/magento config:set system/security/max_session_size_admin 1048576
./bin/magento config:set system/security/max_session_size_storefront 1048576

Replace 1048576 with a size that suits you.
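
Added example, not part of the thread or of Magento's code: since the limit exists as denial-of-service protection, one way to choose a value is to read the sizes that were actually rejected out of the log and size the limit to those rather than to an arbitrary large number. The message format is the one quoted in the report above; the surrounding log line layout, the 25% headroom, the 64 KiB rounding step and the function names are assumptions.

```python
import re

# Message text as quoted in the issue report.
LOG_RE = re.compile(
    r"Session size of (?P<size>\d+) exceeded allowed session max size of (?P<limit>\d+)"
)

# Constructed sample log lines (timestamps and channel names are made up).
SAMPLE_LOG = """\
[2021-08-11 11:29:04] main.ERROR: Session size of 276672 exceeded allowed session max size of 256000. [] []
[2021-08-11 11:29:35] main.ERROR: Session size of 281440 exceeded allowed session max size of 256000. [] []
[2021-08-11 11:30:02] main.INFO: Cache flushed [] []
[2021-08-11 11:31:10] main.ERROR: Session size of 263100 exceeded allowed session max size of 256000. [] []
"""


def summarize(log_text):
    """Group 'session size exceeded' lines by the limit that was in force."""
    stats = {}
    for m in LOG_RE.finditer(log_text):
        size, limit = int(m["size"]), int(m["limit"])
        entry = stats.setdefault(limit, {"hits": 0, "largest": 0})
        entry["hits"] += 1
        entry["largest"] = max(entry["largest"], size)
    return stats


def suggest_limit(largest, headroom=0.25, step=64 * 1024):
    """Smallest multiple of `step` covering `largest` plus headroom (assumed policy)."""
    target = int(largest * (1 + headroom))
    return -(-target // step) * step  # ceiling division


def report(log_text, path="system/security/max_session_size_admin"):
    """Build a summary plus the config:set command from the thread.

    The log message does not say whether the admin or storefront limit was
    hit, so the config path is a parameter (admin by default here).
    """
    lines = []
    for limit, entry in sorted(summarize(log_text).items()):
        new_limit = suggest_limit(entry["largest"])
        lines.append(f"limit {limit}: {entry['hits']} hits, largest {entry['largest']}")
        lines.append(f"./bin/magento config:set {path} {new_limit}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

If the suggested value keeps growing between runs, the session contents are the thing to investigate rather than the limit.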

luancschmitz commented 2 years ago

Upon upgrading from 2.3.7 to 2.4.3 I was unable to complete an admin login; the MFA would succeed and then loop back to asking for the MFA again. Chased this for hours thinking it was an MFA issue. Simply disabling Two Factor Authentication would allow a successful login and all looked good. The looping on MFA was apparently related to the session limit issue. The default value for 'session limit' was 256000 and needs to be much larger, at least for our installation. Increased to 512000, which resolved the issue.

Thanks @n2diving-dgx, this solved my problem.