1

We have react based application where we use cookie to store user's sessionid specifically, we stored big list of users rights in the cookie also which are used for specific purpose for front end validation (and sure api is also validating in backend side). As the user's rights list grow up, we get to know about the limitation of cookie size (we are learning and implementing things --- noobs), so now we have stopped storing user's rights in cookie now.

But now we have one issue, the cookie size issue is coming with message of either the blank page of the system or with server message 400 Bad Request - request header or cookie too large. Though we have remove storing unnecessary info in cookies now, the previously stored cookies in browser has been giving the problem. So is there any way we can deal with this issue ? Can we remove the unnecessary cookies from previous sessions through code level or any other ideas around ? Ideas/feedback appreciated. Thanks

  • Well that’s a nice catch-22 :-) If your cookies were set to be valid under a specific path only (not the full domain), you could try and unset them from a different path (if you can get the clients to make a request for that in the first place; and if browser will accept that, not sure.) Or you could try and check if this is configurable for your server - and then allow larger request headers/cookies temporarily, so you can fix the issue by deleting the cookies with the response then. – CBroe Mar 30 '20 at 08:59
  • Or you could try and unset them together _with_ the 400 response - either via Set-Cookie headers, or maybe via JS embedded in the 400 error document (if they have not been set as HTTP only). If none of these work - then put some message into your 400 error document asking users to please delete their cookies on their device … – CBroe Mar 30 '20 at 09:00
  • Or tell your users to do this https://stackoverflow.com/questions/6538926/chrome-returns-bad-request-request-too-long-when-navigating-to-local-iis-exp – mplungjan Mar 30 '20 at 09:06
  • thank you for your valuable feedback. If anything new please keep them coming. –  Mar 31 '20 at 09:05

0 Answers0