IdentityServer3: Bad request - Request too long. the size of the request headers is too long, SignInMessage Cookie duplicated

  • Question

  • I am using IdentityServer3 with OpenID Connect to authenticate user with DB, sometimes (not clearly when, couldn’t restore the problem manually) I get the message 'Bad request - Request too long. the size of the request headers is too long'.
    The issue now occurs on Google Chrome MF. After deleting the cookies, the site will work. I'm running version 4.0.0 of the OpenID Connect package.
    The issue is known and caused by the nonce cookies which are created by openid connect. When it shows the error, at that moment, more than 20 of those cookies exist in the browser (Chrome, Firefox and Edge). I tried different things, but still no solution:
    • Downgrading the package to version 3.0.0 didn't solve it either. Extra problems due to related packages which were on newer versions.

    • Deleting old nonce cookies helped with the nonce cookies, but did not help with the SignInMessage cookies, which are duplicated a number of times when the issue occurs.

    • I configured SignInMessageThreshold to 1; it didn’t help.

    • I tried to add Kentor.OwinCookieSaver, but it didn’t help.

    After hours of searching and trying, I recognized that the path of the cookie is “/identity” and the nonce is “/”.
    I don’t know, but maybe this is the problem: when I wrote the code that deletes the nonce cookies, I tried to get the SignInMessage cookies too, and I saw that only those with the path “/” are in the list, but the SignInMessage cookie wasn’t in the list of the cookies.
    If this is the problem, can you give me a clue why it happens?

    • Moved by CoolDadTx Monday, December 17, 2018 2:50 PM ASP.NET related
    Monday, December 17, 2018 8:16 AM
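
Added example, not part of the original post or of IdentityServer3: the observation above that the nonce cookies have path "/" while the SignInMessage cookie has path "/identity" can be checked against the browser's cookie path-matching rule (RFC 6265, section 5.1.4), which decides which cookies accompany a request and therefore which ones server code at that path can list. The cookie names, counts and value sizes are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: is a cookie scoped to cookiePath
// attached to (and visible to server code handling) requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends on a "/" boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

function cookiesSentTo(requestPath, jar) {
  return jar.filter((c) => pathMatches(requestPath, c.path));
}

// Bytes of the resulting "Cookie: a=1; b=2" request header line.
function cookieHeaderBytes(cookies) {
  if (cookies.length === 0) return 0;
  const value = cookies.map((c) => `${c.name}=${c.value}`).join("; ");
  return Buffer.byteLength("Cookie: " + value, "utf8");
}

// A cookie is identified by name + domain + path, so the expiring
// Set-Cookie must repeat the original Path or the browser keeps the cookie.
function expireHeader(cookie) {
  return `${cookie.name}=; Path=${cookie.path}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
}

// Constructed jar: names, counts and value sizes are illustrative only.
function buildJar(nonceCount, signInCount) {
  const jar = [];
  for (let i = 0; i < nonceCount; i++)
    jar.push({ name: `nonce.${i}`, value: "n".repeat(300), path: "/" });
  for (let i = 0; i < signInCount; i++)
    jar.push({ name: `SignInMessage.${i}`, value: "s".repeat(900), path: "/identity" });
  return jar;
}

const jar = buildJar(20, 8);
for (const path of ["/", "/identity/connect/authorize"]) {
  const sent = cookiesSentTo(path, jar);
  console.log(path, sent.length, "cookies,", cookieHeaderBytes(sent), "header bytes");
}
console.log(expireHeader(jar[20]));
```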

All replies

  • Please post questions related to web development in the ASP.NET forums.

    Michael Taylor http://www.michaeltaylorp3.net

    Monday, December 17, 2018 2:50 PM