
I'm currently working on an ASP.NET MVC project and I'm using Azure AD to connect to my website.

When I first try on Chrome, for example, these are the cookies that are created:

And everything works fine! But if I launch the same website on Firefox without stopping IIS Express, I get an infinite number of cookies incoming and the server stops and says:

HTTP 400. The size of the request headers is too long.

And I got this list of cookies:

If I close IIS Express and retry another time with Firefox, it creates only 3 cookies and works fine...

Can someone explain to me what is going on?

PS: Please don't give the solution "you need to delete old cookies"; it's not the problem here... It doesn't work even if I don't have any cookies... And it doesn't matter what browser I'm using: I've tried 6 different browsers, and every time only the first one launched is the one that works.

Thanks in advance for your help!

MrPixel6

1 Answer

Reason/Investigations: I think you have some API or AJAX calls which are secure and require authentication. When you change the browser, your requests are no longer authenticated, and on an AJAX or API call it starts creating the cookies. I am sure if you log in to the app in Firefox it will stop doing that. I don't think it is a browser-specific issue. If you move the app from Firefox to IE it will do the same.

Solution: Now, you have to either make sure that when you are not logged in or the request is not authenticated, you redirect to the login page and stop making unauthenticated calls.

The other solution is to delete all nonce cookies, as per MikeDotNet's solution.

You will find some people suggesting that it is a bug in the Microsoft NuGet package Microsoft.Owin.Security.OpenIdConnect and that using 3.0.0 will fix the problem. It works in some cases, but I found that solution good for IIS but not in the cloud.

TAM
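The answer's second option, deleting the nonce cookies, could look like this as OWIN middleware. This is an added example, not code from the question, the answer or MikeDotNet's solution; the class name, method name and threshold are assumptions. It only keeps the Cookie header from growing until the server returns HTTP 400; the unauthenticated calls that trigger the challenges still have to be fixed as described in the answer.

```csharp
// Added example: expire leftover OpenID Connect nonce cookies before they
// overflow the request headers. Names and threshold are hypothetical.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

public static class NonceCookieCleanup
{
    // Nonce cookies written by Microsoft.Owin.Security.OpenIdConnect start with this prefix.
    private const string NoncePrefix = "OpenIdConnect.nonce.";

    // Assumed limit: one sign-in needs one nonce cookie, a few more cover
    // parallel tabs. More than this is treated as residue of repeated challenges.
    private const int MaxPendingNonces = 5;

    // Register after app.UseCookieAuthentication(...) and before
    // app.UseOpenIdConnectAuthentication(...), so the signed-in user is
    // already known and the cleanup runs ahead of any new challenge.
    public static IAppBuilder UseNonceCookieCleanup(this IAppBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            var nonceCookies = context.Request.Cookies
                .Select(c => c.Key)
                .Where(name => name.StartsWith(NoncePrefix, StringComparison.Ordinal))
                .ToList();

            var user = context.Authentication.User;
            bool signedIn = user != null && user.Identity != null
                            && user.Identity.IsAuthenticated;

            // A signed-in session has no sign-in in flight, so every nonce
            // cookie is stale. For anonymous requests, only clear once the
            // count shows a runaway challenge loop, so that a legitimate
            // pending sign-in keeps the nonce it needs for validation.
            if (nonceCookies.Count > 0 && (signedIn || nonceCookies.Count > MaxPendingNonces))
            {
                foreach (var name in nonceCookies)
                {
                    // Emits an expired Set-Cookie for this name (path "/").
                    context.Response.Cookies.Delete(name);
                }
            }

            await next();
        });
    }
}
```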