You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add cookie size management tips to troubleshooting guide
Expanded the troubleshooting documentation with strategies for managing cookie and header size limits, particularly during authentication. This includes methods such as calling `SignOutAsync`, setting `SaveTokens` and `MapInboundClaims` to `false`, and implementing `OnTicketReceived` to optimize cookie usage.
#591
Copy file name to clipboardExpand all lines: src/content/docs/identityserver/troubleshooting.md
+24-1Lines changed: 24 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -244,4 +244,27 @@ Architectural issues that may be causing connection resiliency issues you may wa
244
244
- Lack of caching in a high-load production environment.
245
245
- Under-provisioned database instance with limited resources or connections available.
246
246
- Datacenter networking issues caused by incorrect zoning choices.
247
-
- Under-provisioned application host with limited cores/threads.
247
+
- Under-provisioned application host with limited cores/threads.
248
+
249
+
## Cookie and Header Size Limits and Management
250
+
251
+
The default cookie size limit is `4096` bytes. This is a limit imposed by the browser. In practice, this limit is
252
+
enough for most applications. However, there are some scenarios where the default limit is not enough. ASP.NET Core will chunk cookies into multiple parts if they exceed the limit, but you may still run into `Bad Request - Request Too Long` when trying to set a cookie during the authentication process.
253
+
254
+
Here are some ways to manage the cookie size during authentication:
255
+
256
+
### Initiate a `SignOutAsync` during `Challenge`
257
+
258
+
When invoking `Challenge`, be sure to call `SignOutAsync` before returning the challenge result. This will ensure any existing session cookie is removed and a new one is created.
259
+
260
+
### Set SaveTokens to `false`
261
+
262
+
When dealing with external authentication, you may want to set `SaveTokens` to `false` when calling `AddOpenIdConnect` to avoid storing the tokens in the cookie. Storing these tokens may not be necessary for your use case and thus take up unnecessary space.
263
+
264
+
### Set MapInboundClaims to `false`
265
+
266
+
When dealing with external authentication, you may want to set `MapInboundClaims` to `false` when calling `AddOpenIdConnect` to avoid mapping the claims from the external provider to the local user. Microsoft's namespace for external claims is `http://schemas.microsoft.com/identity/claims/` is larger than the claim names used by OpenID Connect and can take up unnecessary space.
267
+
268
+
### Implement `OnTicketReceived` To Reduce Cookie Size
269
+
270
+
When dealing with external authentication, you may want to implement `OnTicketReceived` to reduce the size of the cookie. This is a callback that is invoked after the authentication process is complete. You can use this callback to remove any claims that are not needed by your solution.
0 commit comments