Are you suddenly seeing a number of silent errors “Session size exceeded allowed session max size” on your log files (system.log/support_report.log) recently?
A series of version upgrades has been ongoing for the past 2 months due to the serious security warning from Adobe back in Aug 11, 2021 where “successful exploitation could lead to arbitrary code execution.”
Major version upgrades for our projects to 2.4.x were in the pipeline, however the security warning has caught us by surprise given that it was a priority 2 threat.
Since then, a couple of projects with older versions of Magento 2.3.x have actively upgraded to 2.3.7-p1 where security patches have been introduced for the 2.3.x versions.
While upgrading, one of the common issues we have encountered is Session Size that came out of no where. Errors such as “Session size exceeded allowed session max size” have been noted for the past few days for our projects, and it was quite a silent error if developer has not been looking into the system.log or support_report.log files.
This error eventually surfaced due to a 500 error which happened when we were working on the Product Attribute Bulk Update for Catalog content update.
[] report.WARNING: Session size of 581711 exceeded allowed session max size of 256000. [] [] [] report.WARNING: Session size of 581311 exceeded allowed session max size of 256000. [] []
After some Google and Stack Overflow, the issue is caused by 2 configurations under
Stores > Setting > Configuration > Advanced > System > Security
/admin/system_config/edit/section/system/
– Max Session Size in Admin, default: 256000
– Max Session Size in Storefront, default: 256000
These 2 values are responsible for the errors that are seen in the logs, and they can be set to 0 for disabled, or a higher value which will fit your project.
Alternatively, if you are CLI buff, you can run the command below to do the same thing.
bin/magento config:set system/security/max_session_size_admin 0 bin/magento cache:flush
These commands will set the Max Session Size in Admin to 0 (which will disable any limit) and a cache flush for the configuration to take effect.
Leave a comment if it solves your issue!
2 thoughts on “Session size exceeded allowed session max size – Magento 2”
Comments are closed.