E-PORTAL: Refresh-List Cookie Value can get very long, breaking IE's 4K limit, IE users unable to login (Doc ID 2135057.1)

Last updated on MAY 09, 2016

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.54 to 8.55 [Release 8.4]
Information in this document applies to any platform.

Symptoms

The refresh-list cookie stores the list of homepage tabs.  If there are many homepage tabs used, the refresh-list cookie value could grow above the 4k limit of the IE browser.  When this happens, it will conflict with other cookie values, and for example prevent other set-cookie commands from completing.  The symptoms could be that IE users are not able to login, or their session is lost.

The issue can be confirmed via a Fiddler trace, or HTTP Header trace in general, where you will see on login a set-cookie command for a very long refresh-list cookie value that grows above 4000 characters.  For example:

Set-Cookie: https%3a%2f%2ftest.server.com%2fpsp%2fps%2femployee%2fempl%2frefresh=list: %3ftab%3dpapp_guest|%3frp%3dpapp_guest|%3ftab%3dtesthealth|%3frp%3dtesthealth|%3ftab%3dtesthealth_link|%3frp%3dtesthealth_link|%3ftab%3dtesthealth_medical|%3frp%3dtesthealth_medical|%3ftab%3dtesthealth_medical_sp_bensum|
%3frp%3dtesthealth_medical_sp_bensum|%3ftab%3dtesthealth_perscription|%3frp%3dtesthealth_perscription|%3ftab%3dtesthealth_life_insurance_link|%3frp%3dtesthealth_life_insurance_link|%3ftab%3dtesthealth_life_insurance|
%3frp%3dtesthealth_life_insurance|%3ftab%3dtesthealth_disability_link|%3frp%3dtesthealth_disability_link|%3ftab%3dtesthealth_disability|%3frp%3dtesthealth_disability|%3ftab%3dtesthealth_legal_link|%3frp%3dtesthealth_legal_link|
%3ftab%3dtesthealth_legal|%3frp%3dtesthealth_legal|%3ftab%3dtesthealth_volben|%3frp%3dtesthealth_volben|%3ftab%3dtestwealth|%3frp%3dtestwealth|%3ftab%3dtestwealth_link|%3frp%3dtestwealth_link|%3ftab%3dtesttime_link|
%3frp%3dtesttime_link|%3ftab%3dtesttime|%3frp%3dtesttime|%3ftab%3dtestcareer_link|%3frp%3dtestcareer_link|%3ftab%3dtestcareer|%3rp%3dtestcareer|%3ftab%3dtestwellness|%3frp%3dtestwellness|%3ftab%3dtestwellness_link|
%3frp%3dtestwellness_link|%3ftab%3dtestperks|%3frp%3dtestperks|%3ftab%3dtestperks_link|%3frp%3dtestperks_link|%3ftab%3dtestnew_hires_link|%3frp%3dtestnew_hires_link|%3ftab%3dtestnew_hires|%3frp%3dtestnew_hires|
%3ftab%3dtestnew_hires_pre_employment_lk|%3frp%3dtestnew_hires_pre_employment_lk|%3ftab%3dtestnew_hires_pre_employment|%3frp%3dtestnew_hires_pre_employment|%3ftab%3dtestnew_hires_onboarding_link|
<...continuing long text string snipped out...>
%3ftab%3dremoteunifieddashboard|%3frp%3dremoteunifieddashboard; domain=.server.com; expires=Thu, 21-Apr-2016 01:53:01 GMT; path=/; secure

Following the above set-cookie command, there maybe other set-cookie commands for other PIA cookies including PS_LOGINLIST, PS_TOKENEXPIRE, PS_TOKEN, PS_DEVICEFEATURES, etc.  But these set-cookie commands will not be carried out because of the long refresh-list set cookie above.  The end result is that in the next request, one will not see the PS_LOGINLIST, PS_TOKENEXPIRE, PS_TOKEN, PS_DEVICEFEATURES, etc. cookies set, resulting in an invalid session for the user.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms