Weird (undefined) behaviour of metadata limits

recently with update of our post login flow we came across weird behaviour with metadata limits for user.
Firstly, it is quite confusing to actually find out what is limit as in docs there is mentioned:

  • 16MB limit
  • 4kB limit of app and user metadata persistence for session in action (is this same for rules? couldn’t find). Also what does metadata persistence for session actually means?
  • …no more than ten properties. Property names can have a maximum of 100 characters, and property values must be strings of no more than 500 characters, for sign up API.

Secondly, to the weird/undefined behaviour. Some of our users have metadata size larger than 4kBs. Recently this came to our attention as we got error message on login Your metadata has exceeded the allowed limit of 4096 bytes.. This was weird to us, cause few users (including me as dev) had metadata larger than 4kBs for quite some time without any problems. Following investigation shown these findings:

  • Error only pops up for users without any successful login eg.
    • I’ve created account, added metadata larger than 4kB → error appeared
    • I’ve created account, logged in successfully, added metadata larger than 4kBs all following logins were successful even with metadata larger than 4kBs
  • Error only happened on email provided accounts, saml and waad providers had no such problem, even first success login was with metadata larger than 4kBs (16kBs to be precise)
  • Error most likely stems from (action limit of 4kBs)[Actions Limitations]

Thirdly, 4kBs is quite strict limit, when taking into account even very strict viewer lambdas@edge have, 40kBs limit.

Now to the questions

  • Could you explain phrase 4kBs of metadata persistence per session?. Best with example.
  • Could you explain what is behind weird behaviour with metadata limit? Is there any reason why it would happen only on email provided account? Is there any reason it would work after first login? I investigated our post login actions,if they differ in aforementioned case, but not really.

And yes, I’ve seen 4kb limit to user_metadata? and Metadata Size Limits