Summary

After updating Chrome to version 84, users accessing the repository in the web client using an insecure connection (HTTP) rather than a connection secured by SSL/TLS (HTTPS) may encounter one of the following symptoms when signing in:

• The sign-in page refreshes after providing credentials and the user remains on the sign-in page.
• They receive a "The maximum number of sessions has been reached. [9030]" error

This issue is not encountered when using the recommended practice of securing the connection.

Note: This article was written for Chrome version 84. As the issue described in it does not occur when using recommended practices for securing connections, Laserfiche will not be maintaining the instructions in this article through any subsequent changes in newer versions of Chrome.

Google has recently enforced stricter security practices when accessing sites through Chrome, and now includes additional restrictions with insecure connections. See SameSite Updates for more information.

Workaround

We recommend updating your Laserfiche server to use SSL/TLS, which resolves this issue and also ensures better security.

We do not recommend continuing to use an insecure connection (HTTP), as it does not protect your data in transit. However, if you are unable to use SSL/TLS, you can perform the following steps:

1. Turn off secure cookies. See Knowledge Base article 1014122: Turning Off Secure Cookies for Laserfiche Web Client 10.4.2 for more information.
2. Open the outboundRules.config file, located at C:\Program Files\Laserfiche\Web Access\Web Files\
3. Modify lines 4, 8, and 15, changing SameSite=None to one of the following:

   SameSite=Lax

   SameSite=Strict

   See SameSite Cookies Explained for the difference between these options.
4. Recycle the settings for the WebAccessAppPool. See Recycling Settings for an Application Pool in the Microsoft documentation for instructions. Users may also need to clear their cache.