Having Trouble Logging into Magento 2 Admin?

 If after upgrading to version 2.4.4, you cannot log in to your Magento admin panel, do not panic, this guide will help you solve the problem. Magento updates are a great way to enhance the functionality of the platform and introduce new features; however, sometimes, they can also pose certain challenges. An issue that has been reported frequently is that the admin login page just reloads without displaying any error message in Magento 2.4.4. This has happened to many users after entering their credentials.

Why Does This Happen?

In Magento 2, there is a built-in feature that helps in securing the sessions to avoid situations such as server crashes and cyber attacks. The default maximum session size is 256KB (256,000 bytes).

However, during the upgrade, this setting may be reset to ‘0,’ which ends admin sessions right after they start. This leaves the users trapped on the login page.

Some users also encounter this issue when creating orders in the Admin panel. If one adds too much information to an order, Magento logs the admin out automatically. The error log may show the following message:

report.WARNING: Session size of XXXXXX exceeded allowed session max size of 256000

To fix this, one can either increase the size limit of the session or disable it altogether.

Understanding Session Management in Magento 2

Session management in Magento 2 is created to avoid Denial of Service (DoS) attacks.  It assists in securing the APIs by setting a limit on the size of the session to keep off harmful requests.

A session is the conversation between a client and a server wherein a set of HTTP requests and responses is exchanged. You can set the maximum size of the session for both the admin and customers in Magento.

For example, if the session size limit is set to 256000 bytes, and the admin session exceeds this limit, it will automatically expire, leading to a Magento Admin login issue.

How to Fix Magento Admin Login Issue

To fix this problem with the session size limit exceeded, make the session size larger for admin by running the following command in your terminal:

bin/magento config:set system/security/max_session_size_admin 2560000

This ensures that the session size is increased to 2.56MB, leading to successful logging in.

Alternative Solution: Disable the Session Size Limit

If the problem remains, you can disable the limit of session size completely. You can do this in two ways:

Using the Admin Panel:

1. Go to Stores > Settings > Configuration in the Magento Admin sidebar.
2. Under Advanced, select System.
3. Open the Security section.
4. Set Maximum Session Size in Admin to 0.
5. Click Save.

Using the Command Line:

Run the following command:

php bin/magento config:set system/security/max_session_size_admin 0

This will remove the restriction of the session size for the Admin panel.

Important Note from Adobe Commerce

The Adobe Commerce User Guide states:

“Setting the value too low can cause issues. If you set either of the options below the default of 256000 bytes, you see a warning message. If you click No, the system changes the value to 256000.”

Thus, to avoid any login issues, you should keep the session size at a reasonable value.

Permanent Fix: Upgrade to Magento 2.4.5

Magento has fixed this login issue in the newer version 2.4.5. To avoid this problem in the future, consider upgrading to the latest version.

Conclusion

If you’re having a Magento Admin login Issue due to session size limits, increasing or disabling the limit using the steps described above will solve the problem. As a long-term fix, upgrading to Magento 2.4.5 is recommended.