This repository has been archived by the owner on Dec 7, 2020. It is now read-only.
Problem with kc-access/kc-state cookie, which has more than 4093 bytes #278
Comments
jangaraj
changed the title
Closed
jangaraj
referenced
this issue
Nov 24, 2017
- adding an option to stop the proxy from including the authorization cookies in the upstream request
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
As a user I have a lot of assigned groups, so my access token can have more than 4093 bytes. Also, token encryption adds some additional bytes. The problem is that (encrypted) access/refresh token is stored in the cookie (
kc-access/kc-state) and the browser may have a problem to write more than 4093 bytes per single cookie - it will result in the infinite loop of issuing access token between keycloak-proxy and IDP because cookie value is not available.Solution:
If the length of cookie data for the
kc-accesscookie is larger than 4093 bytes, then set more cookies in the browser, (kc_access, kc-access-1, kc-access-2, ...) so the single cookie will store max 4093 bytes. Also when keycloak-proxy readskc-accesscookie, it will read all cookies with prefixkc-access_and it will combine them into one value internally.Reference for the constant
4093- http://browsercookielimits.squawky.net/.Any better ideas how to solve this browser cookie size limit?
WIP: master...jangaraj:divided-access-cookie
The text was updated successfully, but these errors were encountered: