Discussion

Session Cookie Issue Prevents Login

Summary

A session cookie issue has been discovered in Pega Platform versions 8.1.0 – 8.1.3. This issue has the potential to prevent users from being able to log in to the system.

This document provides details of the issue, a recommended remediation approach if the issue is encountered, as well as short-term methods to avoid the problem and a long-term solution path.

Issue Details

When the session cookie issue is encountered, users may be unable to log in to the system. Users may connect to the system and interact with the login page. However, after entering valid credentials and clicking the ‘Login’ button, the page will refresh and re-display the starting login screen (without the credentials). Users that are already in the system before the issue starts may continue to work. However, new users will not be able to log in to the system.

Remediation Steps if Encountered

If this issue is encountered, the problem may be resolved by restarting all web nodes in the cluster. When the nodes start back up a new session cookie will be initialized, and users may log in to the system without issue. See the sections below regarding Short-Term Issue Avoidance, and Long-Term Solution Steps for more information about how to further address this issue.

Long-Term Solution

This issue is remediated by updating to Pega 8.1.4, Pega 8.2.1 or higher.

Short-Term Solution

If updating is not feasible in the short-term, Pegasystems is making hotfix packages available:

  • Pega 8.1.0: HFIX-52812
  • Pega 8.1.1: HFIX-52813
  • Pega 8.1.2: HFIX-52814
  • Pega 8.1.3: HFIX-52815

These hotfixes avoid the issue by disabling the encryption key update process that occurs every 90 days. Because the hotfixes disable regular encryption key updates, they are only meant to be used as a *temporary measure* to avoid the issue. The long-term solution to this problem corrects the underlying issue and reinstates the 90-day key update process.

To request a hotfix, submit a Support Request to Pega Global Client Support.

IMPORTANT NOTE: Post hotfix installation you *must* update to Pega 8.1.6, Pega 8.2.2, or higher for the long-term resolution to the issue.

Questions

If you have questions or concerns about this information, please contact Pega Global Client Support. Be sure to reference this article when entering a Support Request.

Group Tags

Comments

Keep up to date on this post and subscribe to comments