Large header suddenly received on signin

DS911 · November 7, 2021, 7:48am

I’m using nginx and suddenly receiving the same error message mentioned on several forums about a large header being sent back from the “signin-oidc” route:

github.com/auth0/express-openid-connect

V2 cookies are huge

opened 10:25AM - 30 Sep 20 UTC

closed 02:24PM - 02 Oct 20 UTC

piec

question

Hi, Thank you for your work on v2. In my use case I need to call userinfo an…d the v2 api [makes it really simple](https://github.com/auth0/express-openid-connect/blob/master/EXAMPLES.md#6-calling-userinfo). In v1 I have to keep around users' tokenset with express-session for example. The issue I have is the size of the appSession cookies (plural because they are chunked in several cookies). ![image](https://user-images.githubusercontent.com/781471/94672769-0308bc00-0316-11eb-8a2d-9792f73300b1.png) A bit more than 4k in my case, is it due to my setup? (I guess a tokenset is stored in the cookies which explains the simplified userinfo api). V1 appSession cookies are ~500 bytes. For each request+response from the browser to the api the cookies are sent as part of the request and updated cookies are sent from the api. I think I wouldn't have noticed immediately but the default configuration of nginx (used as reverse proxy in front of the api) doesn't let these large headers go through: (due to the cookie size I think) ``` [error] 27#27: *897 upstream sent too big header while reading response header from upstream, client: 172.18.0.1, server: , request: "POST /api/auth/callback HTTP/1.1", upstream: "http://172.18.0.5:3001/api/auth/callback" ``` nginx can be configured to allow this using for example: ```conf proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; ``` What do you think about it? The tokenset has to be stored somewhere but it's not always needed for very simple usecases right?

I have changed the nginx configuration file a number of times to no avail and don’t expect specific help on that here, but I would like to know what could’ve possibly resulted in the response suddenly jumping up in size when I’ve made no changes in auth0? This started happening in the last 5-7 days.

dan.woda · November 15, 2021, 9:42pm

Hi @DS911,

I’m not seeing any similar reports or issues being reported on our side.

system · January 20, 2022, 11:04pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
502 Bad Gateway errors due to large response headers from Auth0 Help auth0-php , sdks-quickstarts	1	37	October 7, 2024
Request Header or Cookie Too Large Knowledge Articles cookies , cookie , cookie-size , request-headers , nginx-error , reverse-proxy	1	5366	May 17, 2023
Auth0 Endpoint Failure - Request Header or Cookie Too Large Help sessions , authentication-sessions	0	1185	September 21, 2023
Browser Header Field Exceeds Limit Help auth0-php , sdks-quickstarts	4	1531	March 16, 2023
M2M Applications being generated with unreasonably large access tokens Help apis , application	6	23	August 30, 2024

Large header suddenly received on signin

Related Topics