Session Cookie Issue Prevents Login
A session cookie issue has been discovered in Pega Platform versions 8.1.0 – 8.1.3. This issue has the potential to prevent users from being able to log in to the system.
This document provides details of the issue, a recommended remediation approach if the issue is encountered, as well as short-term methods to avoid the problem and a long-term solution path.
When the session cookie issue is encountered, users may be unable to log in to the system. Users may connect to the system and interact with the login page. However, after entering valid credentials and clicking the ‘Login’ button, the page will refresh and re-display the starting login screen (without the credentials). Users that are already in the system before the issue starts may continue to work. However, new users will not be able to log in to the system.
Remediation Steps if Encountered
If this issue is encountered, the problem may be resolved by restarting all web nodes in the cluster. When the nodes start back up a new session cookie will be initialized, and users may log in to the system without issue. See the sections below regarding Short-Term Issue Avoidance, and Long-Term Solution Steps for more information about how to further address this issue.
This issue is remediated by updating to Pega 8.1.4, Pega 8.2.1 or higher.
If updating is not feasible in the short-term, Pegasystems is making hotfix packages available:
- Pega 8.1.0: HFIX-52812
- Pega 8.1.1: HFIX-52813
- Pega 8.1.2: HFIX-52814
- Pega 8.1.3: HFIX-52815
These hotfixes avoid the issue by disabling the encryption key update process that occurs every 90 days. Because the hotfixes disable regular encryption key updates, they are only meant to be used as a *temporary measure* to avoid the issue. The long-term solution to this problem corrects the underlying issue and reinstates the 90-day key update process.
To request a hotfix, submit a Support Request to Pega Global Client Support.
IMPORTANT NOTE: Post hotfix installation you *must* update to Pega 8.1.6, Pega 8.2.2, or higher for the long-term resolution to the issue.
If you have questions or concerns about this information, please contact Pega Global Client Support. Be sure to reference this article when entering a Support Request.
Keep up to date on this post and subscribe to comments