KB-1100 Users are redirected to the login page with a URL that contains "suite/personalization/setpassword.none" and nobody can successfully log in to the site

Symptoms

After the application server starts successfully, attempting to log in to the environment over HTTP refreshes the page with no error message. This occurs regardless of whether the correct credentials were entered.

Note: If this is the first time accessing the environment or you are logging in after resetting your password, the redirect to the change password screen at <SERVER_AND_PORT>/suite/personalization/setpassword.none is expected behavior.

Cause

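By default, session cookies are marked as "secure" and "httpOnly" for JBoss, so the default configuration is suited to sites served over HTTPS. A browser does not send a cookie marked "secure" over a plain HTTP connection, so on an HTTP site the session cookie is never returned to the server and the login does not persist.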

Action

Per the Post-Install Configurations, for a site served over HTTP you need to adjust these defaults by removing the following lines from the session-config element in <APPIAN_HOME>/ear/suite.ear/web.war/WEB-INF/web.xml:

<cookie-config>
    <http-only>true</http-only>
    <secure>true</secure>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>

If you are running an application server other than JBoss, consult the documentation provided by the application server vendor for how to configure a web application to use secure, HTTP-only cookies, and adjust web.xml accordingly.
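
To confirm the cause before editing web.xml, the following added example (not Appian's own code) reads the session-config element and reports whether the declared cookie flags match the scheme the site is served on. The function names and the sample document are constructed for illustration; the element names are the ones shown in this article.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed web.xml holding the session-config block from this article.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
</web-app>
"""

def _local(tag):
    """Strip the XML namespace so the lookup works for any web-app schema version."""
    return tag.rsplit("}", 1)[-1]

def read_session_config(web_xml_text):
    """Return the cookie flags and tracking modes declared under session-config."""
    found = {"http_only": None, "secure": None, "tracking_modes": []}
    root = ET.fromstring(web_xml_text)
    for elem in root.iter():
        if _local(elem.tag) != "session-config":
            continue
        for child in elem.iter():
            name, text = _local(child.tag), (child.text or "").strip()
            if name == "http-only":
                found["http_only"] = text.lower() == "true"
            elif name == "secure":
                found["secure"] = text.lower() == "true"
            elif name == "tracking-mode":
                found["tracking_modes"].append(text.upper())
    return found

def diagnose(web_xml_text, site_scheme):
    """Say whether the declared cookie settings match how the site is served."""
    cfg = read_session_config(web_xml_text)
    scheme = site_scheme.lower()
    if cfg["secure"] and scheme == "http":
        return "MISMATCH: session cookie is Secure but the site is served over http"
    if not cfg["secure"] and scheme == "https":
        return "WEAK: site is served over https but web.xml does not mark the cookie Secure"
    return "OK: web.xml cookie settings match the site scheme"

if __name__ == "__main__":
    print(read_session_config(SAMPLE_WEB_XML))
    print(diagnose(SAMPLE_WEB_XML, "http"))
```

To check a real installation, pass the text of the web.xml file named above to diagnose() together with the scheme users browse to.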

Affected Versions

This article applies to all versions of Appian from Appian 7.11 to Appian 18.1.

Last Reviewed: September 2018
