Hi All!
We are using Auth0 in our applications and have identified an issue where the size of the request header is exceeding the limit, causing failures on the Auth0 endpoints and not retaining the user state. After investigating, we found that the Auth0 endpoint has a hard limit on the header size of 8K, and sometimes the endpoints used to authorize users exceed this limit. This is not happening consistently, as the cookie size varies with each request and we are NOT manually adding anything to the cookies.
Application Setting
We have created an application as a ‘Regular Web App’ and are using the NextJS Auth0 SDK to integrate.
Failing Auth0 Endpoints
/api/auth/me
/api/auth/callback
More Information
We conducted a POC to investigate how to decrease the cookie size for the aforementioned use case. Our findings revealed that the auth/me endpoint generates an app session cookie that is approximately 7K in size. This raises the question of how to limit the header size to less than 8K if the SDK creates 7K header data.
We require some assistance
- If the SDK creates 7K of header data, how can I limit the header size to 8K? Theoretically we can, but in the future we cannot ensure the header size.
- Also, how can I increase the Auth0 header size? I
- Is there a way to reduce the cookie size?
Please let me know if you need any additional information.
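Added example, not part of the original post and not the SDK's own code: a helper that estimates the serialized size of a nextjs-auth0 app session and trims it to an allow-list of claims, dropping the ID token (the largest single item, whose claims are already copied into `session.user`). The nextjs-auth0 `afterCallback` hook, which lets you return a reduced session before it is written to the `appSession` cookie, is assumed; the sample session is constructed.

```javascript
// Added example: shrink the nextjs-auth0 app session before it is serialized
// into the appSession cookie. Session shape { user, idToken, accessToken,
// refreshToken } and the afterCallback hook are assumptions about the SDK.

const HEADER_LIMIT_BYTES = 8 * 1024; // the 8K limit described in the post

// Claims the application actually reads; every other claim is dropped.
const KEEP_CLAIMS = ['sub', 'email', 'name', 'picture', 'updated_at'];

// Rough cookie size: the SDK encrypts and base64-encodes the JSON, so apply
// the 4/3 base64 growth plus a small fixed overhead for IV/tag/cookie name.
function sessionCookieBytes(session) {
  const raw = Buffer.byteLength(JSON.stringify(session), 'utf8');
  return Math.ceil((raw * 4) / 3) + 64;
}

function fitsHeaderLimit(session, limit = HEADER_LIMIT_BYTES) {
  return sessionCookieBytes(session) < limit;
}

// Returns a copy of the session with only allow-listed user claims and no
// idToken; tokens the app still needs (access/refresh) are left untouched.
function trimSession(session) {
  const user = {};
  for (const claim of KEEP_CLAIMS) {
    if (session.user && session.user[claim] !== undefined) {
      user[claim] = session.user[claim];
    }
  }
  const { idToken, ...rest } = session; // idToken intentionally discarded
  return { ...rest, user };
}

// Intended wiring (assumed nextjs-auth0 API), e.g. in pages/api/auth/[...auth0].js:
//   handleAuth({ callback: handleCallback({
//     afterCallback: (req, res, session) => trimSession(session) }) })

// Constructed sample session: a large ID token plus a bulky custom claim.
const sampleSession = {
  user: {
    sub: 'auth0|example', email: 'user@example.com', name: 'Example User',
    picture: 'https://example.com/p.png', updated_at: '2024-01-01T00:00:00Z',
    'https://example.com/roles': Array(50).fill('role'),
  },
  idToken: 'x'.repeat(4000),
  accessToken: 'y'.repeat(1500),
  refreshToken: 'z'.repeat(200),
};

console.log(sessionCookieBytes(sampleSession), sessionCookieBytes(trimSession(sampleSession)));
```

Run it with `node` to see the before/after estimate; the trimmed session keeps the access and refresh tokens, so API calls made from the app are unaffected.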