ASP.Net Core makes too many cookies for my app to handle

时光总嘲笑我的痴心妄想 提交于 2021-02-17 05:50:06

问题


I have a test application that I am using to test integration with my WSO2 Identity Server IDP. When run by itself it works just fine. It makes an .AspNetCore.Antiforgery cookie and an .AspNetCore.Cookies cookie. The anti-forgery cookie is 190 bytes and the main cookie is 3.7K bytes.

But if I login to another application first, then load my my test harness page, it get 4 additional cookies:

  • .AspNetCore.CookiesC1 - 4K Bytes
  • .AspNetCore.CookiesC2 - 4K Bytes
  • .AspNetCore.CookiesC3 - 4K Bytes
  • .AspNetCore.CookiesC4 - 1K Bytes

These additional cookies put me over a limit of some kind, because a page loads with the following error (instead of my application):

Bad Request - Request Too Long
HTTP Error 400. The size of the request headers is too long.

I don't know how to see what is in these additional cookies because they are base 64 (and I think they are encrypted).

My question is, why would ASP.Net core add so many extra cookies just because I logged into another site (using the same WSO2 IDP, but a different OIDC application)? And can I prevent it from happening?

Additional Notes:

  • As I reproduce this over and over to get details, I am noticing that sometimes it can add the extra cookies, but not give the error message. When that happens, the only difference seems to be that the original cookie of .AspNetCore.Cookies is changed to read "4 chunks" instead of its long value. But this is only on the second application. The other seems to be able to load it fine with the extra size (and I have tried reversing the order...) I am very confused...

回答1:


This often happens when you have too many claims in your user identity. What you might try doing is modifying your application so that it only keeps the most commonly used information about your user in claims and does an on-demand lookup for the others.



来源:https://stackoverflow.com/questions/65333180/asp-net-core-makes-too-many-cookies-for-my-app-to-handle

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!