Downgrading the package to version 3.0.0 didn't solve it either. There were extra problems due to related packages which were on newer versions.
IdentityServer3: Bad request - Request too long. the size of the request headers is too long, Sig...
Dec 17, 2018 04:22 PM | Rivki Aizen
I am using IdentityServer3 with OpenID Connect to authenticate users with a DB. Sometimes (it is not clear when; I couldn't restore the problem manually) I get the message 'Bad request - Request too long. the size of the request headers is too long'.
The issue now occurs on Google Chrome MF. After deleting the cookies, the site will work. I'm running version 4.0.0 of the OpenID Connect package.
The issue is known and is caused by the nonce cookies which are created by OpenID Connect. When it shows the error, at that moment, more than 20 of those cookies exist in the browser (Chrome, Firefox and Edge). I tried different things, but still no solution:
https://github.com/IdentityServer/IdentityServer3/issues/1124 helped with the nonce cookies, but not with the SignInMessage cookies, which are duplicated a number of times when the issue occurs.
I tried to add Kentor.OwinCookieSaver but it didn't help.
This is how the cookies look when the error occurs:
After hours of searching and trying, I recognized that the path of the cookie is “/identity” and the nonce is “/”.
I don't know, but maybe this is the problem: when I wrote the code that deletes the nonce, I tried to get the signInMessage cookies too, and I saw that only those with the path “/” are in the list, but the signInMessage cookie wasn't in the list of the cookies.
If this is the problem, can you give me a clue why it happens?
Re: IdentityServer3: Bad request - Request too long. the size of the request headers is too long,...
Dec 18, 2018 09:36 AM | Brando ZWZ
Hi Rivki Aizen,
Could you please tell me how you authenticate users in your code?
Besides, since this issue is related to IdentityServer, I suggest you post this thread in the IdentityServer GitHub issues.
https://github.com/IdentityServer/IdentityServer3/issues
Best Regards,
Brando
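
The path observation in the question, as an added example that is not part of the original thread or of IdentityServer3: a browser sends a cookie only on requests whose path falls under the cookie's Path attribute (RFC 6265, section 5.1.4), so cookies scoped to "/identity" are absent from requests to other paths but still add to the header size of requests under "/identity". The cookie names, value sizes and the 16 KB header limit are assumptions made for the illustration.

```javascript
// Added illustration (not IdentityServer3 or Katana code): RFC 6265 cookie
// path matching applied to a constructed cookie jar.

// RFC 6265 section 5.1.4: does the request path fall under the cookie path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Cookies the browser attaches to a request for requestPath.
function cookiesSentTo(jar, requestPath) {
  return jar.filter((c) => pathMatches(requestPath, c.path));
}

// Size in bytes of the resulting Cookie request header line.
function cookieHeaderBytes(cookies) {
  const line = "Cookie: " + cookies.map((c) => `${c.name}=${c.value}`).join("; ");
  return Buffer.byteLength(line, "utf8");
}

// Constructed jar: 20 nonce cookies on "/" and 8 sign-in message cookies on
// "/identity". Names, values and sizes are made up for the example.
function buildSampleJar() {
  const jar = [];
  for (let i = 0; i < 20; i++) {
    jar.push({ name: `OpenIdConnect.nonce.${i}`, value: "n".repeat(400), path: "/" });
  }
  for (let i = 0; i < 8; i++) {
    jar.push({ name: `SignInMessage.${i}`, value: "s".repeat(1200), path: "/identity" });
  }
  return jar;
}

// Assumption: 16 KB stands in for the server's request header limit; check
// the value actually configured on the host.
const ASSUMED_HEADER_LIMIT = 16384;

// Summarise what a request to requestPath would carry.
function report(requestPath) {
  const sent = cookiesSentTo(buildSampleJar(), requestPath);
  const bytes = cookieHeaderBytes(sent);
  return { requestPath, count: sent.length, bytes, overLimit: bytes > ASSUMED_HEADER_LIMIT };
}

console.log(report("/home"));           // application page: nonce cookies only
console.log(report("/identity/login")); // path under /identity: both sets
```

Code that enumerates request cookies while handling a path outside "/identity" sees only the first set, so any cleanup of the "/identity" cookies has to run on a request under that path.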