Next.js SDK Cookie Size is Too High

Last Updated: Nov 25, 2024

Overview

The cookie generated by the Auth0 Next.js SDK is relatively large, which causes issues with the API gateway or cloud vendor.

Applies To

  • Next.js SDK

Cause

The Auth0 Next.js SDK stores the session information in a cookie called “appSession” by default. This session includes tokens received by the user, so it can be a few kilobytes in size.

If other cookies on the same domain add to the total size, and the cloud platform in use caps header or cookie sizes, this can cause issues.

Solution

Moving the session out of the cookie requires some work, but once it is done the cookie contains only an identifier, so its size is negligible.

The comments on this GitHub issue provide more context and suggestions: Reducing cookie size.

Since the post above, Auth0 has added the custom session storage mentioned there. It stores the session information outside of the cookie, in a DB, and leaves only a pointer to that session in the cookie (Use a custom session store). This is the ideal approach.

Additionally, if the ID token is not needed, the storeIdToken option makes it possible to omit it from the session. Set storeIdToken (or the AUTH0_SESSION_STORE_ID_TOKEN environment variable) to false, if not already, to remove a bit more from the session: Do not store the ID token by default.
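
The effect of both options on cookie size, as an added example that is not Auth0 SDK code or part of the original article: MemorySessionStore, newSessionId and the token sizes are assumptions constructed for illustration, and a real deployment would back the store with a database and wire it in through the SDK's custom session store option.

```javascript
// Added example; all names and token sizes are constructed for illustration.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // older Node fallback

// Unguessable session identifier: 32 CSPRNG bytes, hex-encoded (64 chars).
function newSessionId() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// In-memory stand-in for the database that holds sessions server-side.
class MemorySessionStore {
  constructor() { this.rows = new Map(); }
  async get(id) {
    const row = this.rows.get(id);
    if (!row) return null;
    // Enforce expiry on the server; the cookie alone cannot be trusted for it.
    if (row.expiresAt <= Date.now()) { this.rows.delete(id); return null; }
    return row.session;
  }
  async set(id, session, ttlMs) {
    this.rows.set(id, { session, expiresAt: Date.now() + ttlMs });
  }
  async delete(id) { this.rows.delete(id); } // call on logout
}

// Constructed session; placeholder strings sized roughly like real tokens.
function sampleSession(storeIdToken = true) {
  const session = {
    user: { sub: "auth0|constructed-user", email: "user@example.com" },
    accessToken: "a".repeat(900),
    refreshToken: "r".repeat(60),
  };
  if (storeIdToken) session.idToken = "i".repeat(1200);
  return session;
}

// Size of a cookie value that carries the whole session (before encryption).
function statelessCookieBytes(session) {
  return Buffer.from(JSON.stringify(session)).toString("base64url").length;
}

// Compare: full session in cookie, same without ID token, identifier only.
async function compareCookieSizes(store) {
  const id = newSessionId();
  await store.set(id, sampleSession(), 60 * 60 * 1000);
  const fullBytes = statelessCookieBytes(sampleSession(true));
  const noIdTokenBytes = statelessCookieBytes(sampleSession(false));
  return { id, fullBytes, noIdTokenBytes, pointerBytes: id.length };
}
```

Because the identifier is the only thing the browser holds, it has to come from a CSPRNG, and the store has to expire and delete sessions itself.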