Last post Dec 18, 2018 09:36 AM by Brando ZWZ
Dec 17, 2018 04:22 PM|Rivki Aizen|LINK
I am using IdentityServer3 with OpenID Connect to authenticate user with DB, sometimes (not clearly when, couldn’t restore the problem manually) I get the message 'Bad request - Request too long. the size of the request headers is too long'.
The issue now occurs on Google Chrome MF. After deleting the cookies, the site will work. I'm running version 4.0.0 of the OpenID Connect package.
The issue is known and caused by the nonce cookies which are created by openid connect. When it shows the error, at that moment, more than 20 of those cookies exist in the browser (Chrome, Firefox and Edge). I tried different things, but still no solution:
I tried to add Kentor.OwinCookieSaver but it didn’t help
This is how the cookies seem when the error occurs:
After hours of searching and trying, I recognized that the path of the cookie is “/identity” and the nonce is “/”.
I don’t know but maybe this is the problem: when I wrote the code that deletes Nonce, I tried to get the signInMessage cookies too, and I saw that only those that with the path “/” are in the list, but the signInMessage cookie wasn’t in the list of the cookies.
if this is it the problem, can you give me clue why is it happen?
Dec 18, 2018 09:36 AM|Brando ZWZ|LINK
Hi Rivki Aizen,
Could you please tell me how you authenticate user in your codes?
Besides, since this issue is related with identity server, I suggest you could post this thread in the identity server github issuer.